[OpenID] Summary: identity url suggested formats?
Jamie McClelland
jm at mayfirst.org
Thu Aug 2 16:27:29 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks everyone for your helpful responses! See summary below:
* The openId spec doesn't specify best practices on formatting of the identity
URLS - so http://domain.org/user and http://user.domain.org are equally valid
and, while subdomains (http://user.domain.org) is in use as a format it is
not a convention
* Mark Wahl has an very detailed discussion of username in the domain or path
which is located here:
http://www.ldap.com/1/commentary/wahl/20070729_01.shtml.
Particularly of note: user in the domain portion restricts the username to be
case-insensitive, limited to 255 characters, and "either an ASCII alphanumeric
string [a-z0-9-] (RFC 1034 section 3.5), or an international domain name
component that is UTF-8 encoded and with its octets percent-encoded."
* User in the path makes https cheaper to implement. On the other hand, wild
card certs could change that. And - user in the domain part allows people to
use their own certs if they want. Regardless of the format chosen - starting
with https is a good practice.
* Since both are valid - pick the shortest one that resolves the fastest
jamie
- --
Jamie McClelland
718-303-3204 ext. 101
May First/People Link
Growing networks to build a just world
http://www.mayfirst.org
Members Local 1180, Communications Workers of America, AFL-CIO
PGP Key: http://mayfirst.org/jamie-pgp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGsgXxnq83YnbMBX0RAiifAJ9ovs80sZG2EjXxFebjyeFqulx9zwCffft+
AatvxTqSCwOt0EIeaAVFdNY=
=ZUxq
-----END PGP SIGNATURE-----
More information about the general
mailing list