[OpenID] URL normalization issues

Johnny Bufu johnny at sxip.com
Thu Mar 22 21:34:26 UTC 2007


Hello list!

While testing the openid4java code recently, I have come across a  
couple URL normalization issues:

- According to the RFC3986 [1], an empty path in an HTTP URL should  
be normalized to "/" (though it's a lower case 'should'). So it seems  
that a few of our normalization examples in the OpenID spec [2] are  
wrong.


- If you try to login into LiveJournal with something like http:// 
example.com/some/path , the OpenID authentication request that gets  
sent is for http://example.com/some/path/ (added trailing slash).  
Again, if I'm reading the  normalization RFC correctly, the two URLs  
are not necessarily equivalent, and the latter is not the normalized  
form of the former.

Have others encountered this issue? I'm curious what would be the  
best way to deal with something like this. On a case-by-case/OP basis  
would mean deployment issues, while addressing this at the library  
level would not be entirely correct from a technical point of view.


Johnny

[1] http://www.ietf.org/rfc/rfc3986.txt
[2] http://openid.net/specs/openid- 
authentication-2_0-11.html#normalization_example




More information about the general mailing list