work at zefiro.de
Mon Oct 17 14:09:24 PDT 2005
> NOTE: The consumer SHOULD append a trailing slash if appropriate, and
> if the login fails without the slash appended. Note also that a server
> SHOULD NOT recognize two identity URLs that differ only by a trailing
please note that IRIs with and without trailing slash (with non-empty paths) are indeed different. Most servers are configured
to accept requests with a missing trailing slash and silently 301 REDIRECT you to the correct IRI.
I am a bit lost concerning empty path arguments. If I try to
> telnet proxy.example.com 3128
> HEAD HTTP/1.1
> host: www.livejournal.com
I get an error. I wouldn't know how to even ask for an empty path if I were a user agent. But I assume I'd also get a 301 REDIRECT.
So if you want to change something than add to the spec that the delegate URI (is OpenID IRI-capable?) will not be processed by
the consumer, but 301 REDIRECTs will be followed. Which I think would be sensible to do IF it were a thing for the consumer to
But as I understand it, it is not. Instead, the delegate URI is taken as-is and the OpenID-server is asked whether the user in
questions owns these URI. I'm not sure if it should be up to the client, to the server or to none of them to check for redirects
on the delegate URI. To my understanding of the current specs the delegate URI does not even have to exist or belong to the user
or anyone at all. All that's required is that the claimed identity uses this as a token to give to the OpenID-server, which then
does whatever he wants with it (usually checking if he can confirm a relationship between the user and the URI).
More information about the yadis