[OpenID] URL normalization issues

Gabe Wachob gabe.wachob at amsoft.net
Thu Mar 22 14:42:40 PDT 2007


I don't have any specific data on this issue. 

I would note, however, that the equivalence rule you mention does have one
exception - if the path is missing altogether, the http URL is considered
equivalent to the same http URL with only '/' for the path. To wit:
http://www.example.com/ == http://www.example.com
http://www.example.com/foo != http://www.example.com/foo/

See section 6.2.3 of [1] and section 3.2.3 of [2] ("An empty abs_path is
equivalent to an abs_path of "/")

    -Gabe

[1] http://www.ietf.org/rfc/rfc3986.txt
[2] http://www.ietf.org/rfc/rfc2616.txt



> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Johnny Bufu
> Sent: Thursday, March 22, 2007 2:34 PM
> To: openid-general
> Subject: [OpenID] URL normalization issues
> 
> Hello list!
> 
> While testing the openid4java code recently, I have come across a
> couple URL normalization issues:
> 
> - According to the RFC3986 [1], an empty path in an HTTP URL should
> be normalized to "/" (though it's a lower case 'should'). So it seems
> that a few of our normalization examples in the OpenID spec [2] are
> wrong.
> 
> 
> - If you try to login into LiveJournal with something like http://
> example.com/some/path , the OpenID authentication request that gets
> sent is for http://example.com/some/path/ (added trailing slash).
> Again, if I'm reading the  normalization RFC correctly, the two URLs
> are not necessarily equivalent, and the latter is not the normalized
> form of the former.
> 
> Have others encountered this issue? I'm curious what would be the
> best way to deal with something like this. On a case-by-case/OP basis
> would mean deployment issues, while addressing this at the library
> level would not be entirely correct from a technical point of view.
> 
> 
> Johnny
> 
> [1] http://www.ietf.org/rfc/rfc3986.txt
> [2] http://openid.net/specs/openid-
> authentication-2_0-11.html#normalization_example
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general



More information about the general mailing list