When are and aren't two URLs the same? (ports)

Jonathan Daugherty cygnus at janrain.com
Fri Apr 14 18:41:06 UTC 2006


# I think we, as the community, have to decide on the following
# question: In an OpenID context, as well as a LID context, should a
# Relying Party accept a signature that contains
#
#     http://example.com/joe
# if it wanted to prove
#     http://example.com:80/joe
#
# Or vice versa?

I think the simplest answer is: it's up to individual identity
providers to decide what is equivalent by setting up the appropriate
redirects.  I'm not sure we can standardize on rules that everyone can
afford to follow.  The redirection process can canonicalize any URL in
whatever way is appropriate for the identity provider that manages
that URL space.

-- 
  Jonathan Daugherty
  JanRain, Inc.


More information about the yadis mailing list