[OpenID] URL normalization issues

Drummond Reed drummond.reed at cordance.net
Fri Mar 23 05:24:24 UTC 2007


Johnny,

This one is tough. The rules are clear for URI authority segments, as Gabe
stated:

	http://www.example.com/ == http://www.example.com

But because any trailing slash on a segment after the authority segment is
significant, the only way I can see for OPs to handle it well is to make it
a local policy to put both versions into a synonym table for the user. For
example, make both...

	http://www.example.com/username
	http://www.example.com/username/

...synonyms for the same user.

The full details of how and why OPs and RPs should use synonym tables is
covered in the FAQ on the dev.inames.net site at:

	
http://dev.inames.net/wiki/Tech_FAQs#What_are_the_recommended_modifications_
OpenID_Relying_Parties_.28RPs.29_should_make_to_their_user_tables.3F

This issue is so important, I believe the spec should point out the
importance of synonym tables and possibly even include an appendix with the
recommended best practices.

Hope this helps,

=Drummond 

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Johnny Bufu
Sent: Thursday, March 22, 2007 3:25 PM
To: Gabe Wachob
Cc: 'openid-general'
Subject: Re: [OpenID] URL normalization issues

Hi Gabe,

I think I was saying the same thing, or at least trying to ;-),  
specifically:

On 22-Mar-07, at 2:42 PM, Gabe Wachob wrote:
> I would note, however, that the equivalence rule you mention does  
> have one
> exception - if the path is missing altogether, the http URL is  
> considered
> equivalent to the same http URL with only '/' for the path. To wit:
>
> http://www.example.com/ == http://www.example.com

The OpenID spec gives the wrong example in regard to this, in the  
'Normalization examples' section.


> http://www.example.com/foo != http://www.example.com/foo/

LiveJournal *does* perform the above transformation, which can break  
things for unaware OPs.


So I was wondering what would be a good approach to deal with this at  
a global level (if possible).


Johnny

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general




More information about the general mailing list