that ess in 'https'

Jonathan Daugherty cygnus at janrain.com
Tue Jun 27 04:03:47 UTC 2006


> I thought we were trying to decide whether we should adopt the
> convention that pairs of URLs like the following two URLs, when used
> as identity URLs, are equivalent: identify the same persona.
>
>    http://joaquin.net
>    https://joaquin.net

I've said this before: whether these identity URLs are equivalent is a decision
best left up to the parties serving and / or controlling both URLs.  If you
want one URL to be equivalent to the other -- at least in OpenID land -- you
set up a redirect.

If you're using an identity provider that supports both, fine; you set up a
redirect from http:// to https:// and feel free to use either.  If you only
support https://, even better.  If a user enters a URL with no scheme, then you
define some way to try them in a sane order (e.g. https:// and fall back to
http:// if necessary).

But these are not the same URL, even if they *do* refer to the same person,
persona, dog, or constellation.  If you want that equivalence to manifest on a
case-by-case basis, then implement it as such, and not as some protocol kludge
that abandons standard URL interpretation.  No offense. :)

(Of course, if schemes were necessary on input URLs, some of this would be a
non-issue, but that's a usability issue of its own...)

--
  Jonathan Daugherty
  JanRain, Inc.


More information about the yadis mailing list