[OpenID] URL normalization issues
gabe.wachob at amsoft.net
Thu Mar 22 21:42:40 UTC 2007
I don't have any specific data on this issue.
I would note, however, that the equivalence rule you mention does have one
exception - if the path is missing altogether, the http URL is considered
equivalent to the same http URL with only '/' for the path. To wit:
http://www.example.com/ == http://www.example.com
http://www.example.com/foo != http://www.example.com/foo/
See section 6.2.3 of  and section 3.2.3 of  ("An empty abs_path is
equivalent to an abs_path of "/")
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Johnny Bufu
> Sent: Thursday, March 22, 2007 2:34 PM
> To: openid-general
> Subject: [OpenID] URL normalization issues
> Hello list!
> While testing the openid4java code recently, I have come across a
> couple URL normalization issues:
> - According to the RFC3986 , an empty path in an HTTP URL should
> be normalized to "/" (though it's a lower case 'should'). So it seems
> that a few of our normalization examples in the OpenID spec  are
> - If you try to login into LiveJournal with something like http://
> example.com/some/path , the OpenID authentication request that gets
> sent is for http://example.com/some/path/ (added trailing slash).
> Again, if I'm reading the normalization RFC correctly, the two URLs
> are not necessarily equivalent, and the latter is not the normalized
> form of the former.
> Have others encountered this issue? I'm curious what would be the
> best way to deal with something like this. On a case-by-case/OP basis
> would mean deployment issues, while addressing this at the library
> level would not be entirely correct from a technical point of view.
>  http://www.ietf.org/rfc/rfc3986.txt
>  http://openid.net/specs/openid-
> general mailing list
> general at openid.net
More information about the general