[OpenID] URL normalization issues
Drummond Reed
drummond.reed at cordance.net
Fri Mar 23 05:24:24 UTC 2007
Johnny,
This one is tough. The rules are clear for URI authority segments, as Gabe
stated:
http://www.example.com/ == http://www.example.com
But because any trailing slash on a segment after the authority segment is
significant, the only way I can see for OPs to handle it well is to make it
a local policy to put both versions into a synonym table for the user. For
example, make both...
http://www.example.com/username
http://www.example.com/username/
...synonyms for the same user.
The full details of how and why OPs and RPs should use synonym tables is
covered in the FAQ on the dev.inames.net site at:
http://dev.inames.net/wiki/Tech_FAQs#What_are_the_recommended_modifications_
OpenID_Relying_Parties_.28RPs.29_should_make_to_their_user_tables.3F
This issue is so important, I believe the spec should point out the
importance of synonym tables and possibly even include an appendix with the
recommended best practices.
Hope this helps,
=Drummond
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Johnny Bufu
Sent: Thursday, March 22, 2007 3:25 PM
To: Gabe Wachob
Cc: 'openid-general'
Subject: Re: [OpenID] URL normalization issues
Hi Gabe,
I think I was saying the same thing, or at least trying to ;-),
specifically:
On 22-Mar-07, at 2:42 PM, Gabe Wachob wrote:
> I would note, however, that the equivalence rule you mention does
> have one
> exception - if the path is missing altogether, the http URL is
> considered
> equivalent to the same http URL with only '/' for the path. To wit:
>
> http://www.example.com/ == http://www.example.com
The OpenID spec gives the wrong example in regard to this, in the
'Normalization examples' section.
> http://www.example.com/foo != http://www.example.com/foo/
LiveJournal *does* perform the above transformation, which can break
things for unaware OPs.
So I was wondering what would be a good approach to deal with this at
a global level (if possible).
Johnny
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list