[OpenID] URL normalization issues

Gabe Wachob gabe.wachob at amsoft.net
Fri Mar 23 18:11:22 UTC 2007


RFC 2616 is very clear about what to do: http://example.com and
http://example.com/ should be equivalent. Again, see section 3.1.2 of RFC
2616. 

Furthermore, I'm not sure why we have to talk about a "normalized" form. If
all implementations comply with RFC 2616, section 3.1.2, then it doesn't
matter whether a component is presented with http://example.com or
http://example.com/, it should do the same thing (ie it should treat the two
as equivalent). 

And I don't see why it matters that some web browsers want to redirect
http://example.com/foo to http://example.com/foo/ - you should be able to
reconfigure a server not to do that, if it causes problems for OpenID. 

I don't think we should create any new rules that differ from section 3.1.2
and the other equality rules in 2616 and 3986. The argument about human
usability (e.g. humans get confused between http://example.com/foo and
http://example.com/foo/ ) doesn't persuade me to make an exception to
equality rules. We've never made any other specific openid processing rules
based on human usability concerns.  And besides, if human usability of HTTP
URLs is an issue, you always have another choice of identifier ;-) 

In all seriousness, I think if everyone just follows the letter of the RFCs,
I don't see any real issue here. I think it's just a compliance problem, not
an OpenID spec problem. 

	-Gabe


> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Rowan Kerr
> Sent: Friday, March 23, 2007 8:05 AM
> To: openid-general
> Subject: Re: [OpenID] URL normalization issues
> 
> On 23-Mar-07, at 11:01 AM, Dmitry Shechtman wrote:
> > The last time I checked http://claimid.com/damnian was not
> > equivalent to
> > http://claimid.com/damnian/
> 
> Right. But the problem is some OpenID libraries seem to be
> "normalizing" /damian to /damian/ and some web servers would actually
> treat the two as equivalent (by always redirecting to the trailing
> slash version).
> 
> So I think what we're trying to figure out is what to say in the spec
> so that it's very clear what an OpenID library should do with those
> two URLs.
> 
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general




More information about the general mailing list