that ess in 'https'
Jonathan Daugherty
cygnus at janrain.com
Tue Jun 27 04:03:47 UTC 2006
> I thought we were trying to decide whether we should adopt the
> convention that pairs of URLs like the following two URLs, when used
> as identity URLs, are equivalent: identify the same persona.
>
> http://joaquin.net
> https://joaquin.net
I've said this before: whether these identity URLs are equivalent is a decision
best left up to the parties serving and / or controlling both URLs. If you
want one URL to be equivalent to the other -- at least in OpenID land -- you
set up a redirect.
If you're using an identity provider that supports both, fine; you set up a
redirect from http:// to https:// and feel free to use either. If you only
support https://, even better. If a user enters a URL with no scheme, then you
define some way to try them in a sane order (e.g. https:// and fall back to
http:// if necessary).
But these are not the same URL, even if they *do* refer to the same person,
persona, dog, or constellation. If you want that equivalence to manifest on a
case-by-case basis, then implement it as such, and not as some protocol kludge
that abandons standard URL interpretation. No offense. :)
(Of course, if schemes were necessary on input URLs, some of this would be a
non-issue, but that's a usability issue of its own...)
--
Jonathan Daugherty
JanRain, Inc.
More information about the yadis
mailing list