[OpenID] Summary: identity url suggested formats?

Jamie McClelland jm at mayfirst.org
Thu Aug 2 16:27:29 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks everyone for your helpful responses! See summary below:

* The OpenID spec doesn't specify best practices on formatting of the identity
URLs - so http://domain.org/user and http://user.domain.org are equally valid
and, while subdomains (http://user.domain.org) are in use as a format, it is
not a convention

* Mark Wahl has a very detailed discussion of username in the domain or path
which is located here:
http://www.ldap.com/1/commentary/wahl/20070729_01.shtml.
Particularly of note: user in the domain portion restricts the username to be
case-insensitive, limited to 255 characters, and "either an ASCII alphanumeric
string [a-z0-9-] (RFC 1034 section 3.5), or an international domain name
component that is UTF-8 encoded and with its octets percent-encoded."

* User in the path makes https cheaper to implement. On the other hand,
wildcard certs could change that. And - user in the domain part allows people to
use their own certs if they want. Regardless of the format chosen - starting
with https is a good practice.

* Since both are valid - pick the shortest one that resolves the fastest

jamie

- -- 
Jamie McClelland
718-303-3204 ext. 101

May First/People Link
Growing networks to build a just world
http://www.mayfirst.org
Members Local 1180, Communications Workers of America, AFL-CIO

PGP Key: http://mayfirst.org/jamie-pgp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsgXxnq83YnbMBX0RAiifAJ9ovs80sZG2EjXxFebjyeFqulx9zwCffft+
AatvxTqSCwOt0EIeaAVFdNY=
=ZUxq
-----END PGP SIGNATURE-----
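
An added example, not part of the original post: a Python sketch of how the host-label restrictions summarized above play out when a provider maps usernames onto the two identity URL formats. The function names and the `example.org` domain are assumptions chosen for illustration, and internationalized names are rejected rather than encoded.

```python
import re
from urllib.parse import quote, urlsplit

# RFC 1034 section 3.5 label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")
MAX_LABEL = 63   # RFC 1035 limit for a single label
MAX_NAME = 255   # RFC 1035 limit for the whole host name


def subdomain_identity(user, domain):
    """Build https://user.domain/ or raise ValueError if user cannot be a label."""
    label = user.lower()  # host names compare case-insensitively
    if len(label) > MAX_LABEL or not _LABEL.match(label):
        raise ValueError(f"{user!r} is not usable as a host label")
    host = f"{label}.{domain.lower()}"
    if len(host) > MAX_NAME:
        raise ValueError("host name exceeds 255 octets")
    return f"https://{host}/"


def path_identity(user, domain):
    """Build https://domain/user; the path keeps case and percent-encodes the rest."""
    return f"https://{domain.lower()}/{quote(user, safe='')}"


def identity_key(url):
    """Comparison key: scheme and host case-folded, path kept byte-for-byte."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname, parts.path or "/")


def same_identity(url_a, url_b):
    return identity_key(url_a) == identity_key(url_b)


if __name__ == "__main__":
    # Constructed sample usernames for an existing account database.
    for name in ("Alice", "alice", "jamie_m", "j.smith"):
        try:
            print(name, "->", subdomain_identity(name, "example.org"))
        except ValueError as err:
            print(name, "-> rejected:", err)
        print(name, "->", path_identity(name, "example.org"))
```

A provider migrating existing accounts to the subdomain format has to resolve names such as `Alice` and `alice` before issuing identifiers, since both map to the same host.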


