When are and aren't two URLs the same? (ports)
Grant Monroe
grant at janrain.com
Fri Apr 14 17:27:14 UTC 2006
On 4/13/06, Johannes Ernst <jernst+lists.danga.com at netmesh.us> wrote:
> On Apr 13, 2006, at 16:57, Grant Monroe wrote:
> > If IE isn't going to distinguish between the two URLs, we'd be
> > fighting a loosing battle to do anything different.
>
> I don't think IE's behavior has any bearing on the subject -- other
> than as an interesting analogy, which is the only reason why I
> mentioned it in my e-mail.
>
I just think it is a little strange that we would allow someone to use
a url for their identity that they wouldn't even be able to reach
using IE. This would happen in the case that your webserver returns
something different from http://example.com/ and
http://example.com:80/. If you type the second into IE you will get
the page from the first. If you were to use the second as your
identity url, you couldn't even fetch it with IE.
> The particular interop problem that occurred did not involve a
> browser as a significant part. It occurred when the user (me) entered
> something like
> http://example.com/joe
> into a Relying Party, who then went on to attempt to get the OpenID
> HTML document (could have been the Yadis URL, or the LID meta=lid
> query) from URL
> http://example.com:80/joe
>
> So I think this remains a valid issue, and I'm sure we'll see lots of
> issues like that going forward as adoption of URL-based identity
> accelerates ...
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
>
>
> http://netmesh.info/jernst
>
>
>
>
>
>
>
>
--
Grant Monroe
JanRain, Inc.
More information about the yadis
mailing list