[OpenID] URL normalization issues
Johnny Bufu
johnny at sxip.com
Thu Mar 22 21:34:26 UTC 2007
Hello list!
While testing the openid4java code recently, I have come across a
couple URL normalization issues:
- According to the RFC3986 [1], an empty path in an HTTP URL should
be normalized to "/" (though it's a lower case 'should'). So it seems
that a few of our normalization examples in the OpenID spec [2] are
wrong.
- If you try to login into LiveJournal with something like http://
example.com/some/path , the OpenID authentication request that gets
sent is for http://example.com/some/path/ (added trailing slash).
Again, if I'm reading the normalization RFC correctly, the two URLs
are not necessarily equivalent, and the latter is not the normalized
form of the former.
Have others encountered this issue? I'm curious what would be the
best way to deal with something like this. On a case-by-case/OP basis
would mean deployment issues, while addressing this at the library
level would not be entirely correct from a technical point of view.
Johnny
[1] http://www.ietf.org/rfc/rfc3986.txt
[2] http://openid.net/specs/openid-
authentication-2_0-11.html#normalization_example
More information about the general
mailing list