When are and aren't two URLs the same? (ports)

Grant Monroe grant at janrain.com
Thu Apr 13 23:57:58 UTC 2006


On 4/13/06, Johannes Ernst <jernst+lists.danga.com at netmesh.us> wrote:
> Do these URLs:
>      http://example.com/joe
>      http://example.com:80/joe
> represent the same identity?
>
> This is not a hypothetical question, because this very issue kept me
> (and all mylid.net users) from logging into the IIW wiki
> successfully. Specifically, our server responded with 404 when asked
> for URL http://mylid.net:80/jernst because it only served
> http://mylid.net/jernst. Other problems may occur in the OpenID crypto, URL
> caches, even account systems.
>
> On the HTTP protocol level, the difference is between
>      GET /joe http/1.1
>      Host: example.com
> and
>      GET /joe http/1.1
>      Host: example.com:80
>
> Turns out that if you type this type of URL into various browsers
>      http://example.com:80/joe
> different things happen:
>      1) IE immediately zaps it as if you had never entered it

If IE isn't going to distinguish between the two URLs, we'd be
fighting a losing battle to do anything different.

>      2) Mozilla zaps it in the URL field, but adds the port spec to
> the host header
>      3) Safari leaves it fully intact
> So there doesn't seem to be much of a consensus.
>
> I think we, as the community, have to decide on the following question:
> In an OpenID context, as well as a LID context, should a Relying
> Party accept a signature that contains
>      http://example.com/joe
> if it wanted to prove
>      http://example.com:80/joe
> ?
> Or vice versa?
>
> A version of this discussion took place on this list before, I
> believe, and people generally didn't want to get into it. However, at
> a minimum, we need to say "no URL transformation of any kind shall be
> permitted" if that is what we decide.
>
> Alternatively, one can define equivalence rules -- here is a draft as
> we have it for LID (but equally well applies to OpenID and Yadis)
>      http://lid.netmesh.org/wiki/LID_2.0_Canonical_LID_URL
>
> Thoughts?
>
> Johannes Ernst
> NetMesh Inc.
> http://netmesh.info/jernst


--
"Records and live performance are two worlds. One is a love letter,
the other a hot date." - Robert Fripp
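
Added example, not part of the original message or of any LID/OpenID/Yadis code: one possible equivalence rule for the question raised in this thread, comparing identity URLs only after both are canonicalized. It assumes the scheme-based normalization of RFC 3986 section 6.2.3 (drop the scheme's default port), not the LID draft linked above; the function names are hypothetical and the URLs are the ones quoted in the thread.

```python
from urllib.parse import urlsplit, urlunsplit

# Default ports per scheme (RFC 3986 section 6.2.3, scheme-based normalization).
DEFAULT_PORTS = {"http": 80, "https": 443}


def canonical_identity_url(url: str) -> str:
    """Return a canonical form of an http(s) identity URL (assumed rule set).

    Lowercases scheme and host, drops an explicit default port, turns an
    empty path into "/" and discards the fragment. Path case, query and
    non-default ports are kept because they can select a different resource.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    # "http://example.com:80@other.host/" would otherwise look like a port.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in an identity URL")
    host = parts.hostname  # lowercased by urlsplit
    if not host:
        raise ValueError("missing host")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    if ":" in host:  # IPv6 literal: .hostname strips the brackets
        host = f"[{host}]"
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def same_identity(claimed: str, signed: str) -> bool:
    """Compare the URL a Relying Party wants proven with the signed URL,
    canonicalizing both sides so neither raw string form is trusted."""
    return canonical_identity_url(claimed) == canonical_identity_url(signed)


if __name__ == "__main__":
    # URLs taken from the thread.
    print(same_identity("http://example.com/joe", "http://example.com:80/joe"))
    print(canonical_identity_url("http://mylid.net:80/jernst"))
```

The same canonical form has to be used wherever the identity is stored, cached or signed; comparing canonically in one place and byte-for-byte in another recreates the mismatch described above.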

