[PROPOSAL] Handle "http://user at example.com" Style Identifiers
Martin Atkins
mart at degeneration.co.uk
Thu Nov 9 17:05:10 UTC 2006
David Fuelling wrote:
> Phillip,
>
> Ok, now I understand what you're saying about "not using Http in this way".
>
> However, I'm not advocating doing anything with the username part of an
> email (this might be where we're missing each other). I'm saying that we
> just take the <domain> + <tld> of an email, normalize it per the OpenId
> spec, and use that Http URL that we get as the URL of our IdP.
>
One idea we came up with before was to specify that blah at example.com
becomes http://blah@example.com/ and the RP should try sending an
authenticate header for basic auth with base64 of "blah:" (empty password)
This way it's (kinda) true to the meaning of that portion of the URL
scheme and it allows the IdP to distinguish between different users.
We'd have to check to make sure that this never conflicts with Basic
auth implementations built into servers/frameworks, of course.
More information about the general
mailing list