Trailing Slash?
Mark Rafn
dagon at dagon.net
Mon Oct 17 17:09:31 PDT 2005
> On Mon, Oct 17, 2005 at 12:32:37PM -0800, Christopher E. Granade wrote:
>> * The delegate identity URL must be canonical. It will not be further
>> processed by the consumer, so be sure it has the "http://" and
>> trailing slash, if there's no path component.
>> NOTE: The consumer SHOULD append a trailing slash if appropriate, and
>> if the login fails without the slash appended. Note also that a server
>> SHOULD NOT recognize two identity URLs that differ only by a trailing
>> slash.
On Mon, 17 Oct 2005, Dave Holland wrote:
> My web server (Apache, FWIW) issues a redirect with code 301 if the
> trailing slash is omitted from a directory-level URL. Is it worth saying
> something like...
>
> [the URL] "will not be further processed by the consumer except to
> follow HTTP redirects, so be sure..." [etc]
>
> or is that pushing too much work onto the consumer?
The consumer currently makes NO connection to the URL of the delegate
identity. Changing this seems like it would be a bad idea (especially if
you then got into the idea of chained delegation...)
I don't see a strong argument against changing the spec to require a
consumer to canonicalize (but not to fetch or to follow redirects) the
delegate ID, but I also don't see any reason to do so.
Think of it this way: the claimed identity is intended to be typed into a
form, or otherwise come from a human. Flexibility is good, because humans
are lazy and ignorant.
The delegated identity can ONLY come from a programmatic source (the
contents of the canonicalized and resolved claimed identity URL), so
there's no reason to require a consumer to guess the correct URL from a
shorthand version.
--
Mark Rafn dagon at dagon.net <http://www.dagon.net/>
More information about the yadis
mailing list