URL canonicalization

Dan Libby danda at videntity.org
Wed Sep 14 14:53:28 PDT 2005

Hi, in my database, I need to uniquely keep track of visitors that are
logging in via remote OpenID servers.  The best key available is their
identity url.  But that leaves me with a question about how exactly to
canonicalize it, that the spec does not clearly address.

The spec says:

"Note that the user can leave off "http://" and the trailing "/". A
consumer must canonicalize the URL, following redirects and noting the
final URL. The final, canonicalized URL is the user's identity URL."

Okay, so case-insensitivity is fairly obvious. I'm already lower-casing
everything.  But what about http vs https?    For example, should
"https://sally.people.com/" be treated as a separate identity from
"http://sally.people.com/"?    Or should the protocol be ignored?

I suppose the issue can be broadened to: the spec is a bit vague about
canonicalization of identity URLs.  Can we get clarification?


Dan Libby

More information about the yadis mailing list