[OpenID] Defn of Absolute URL?
Peter Williams
pwilliams at rapattoni.com
Wed May 30 15:23:50 UTC 2007
Ok. The reference to Absolute URI in the 2.0 draft spec is purely
formal, Im guessing. Though the description of Absolute URI in HTTP does
have semantics, but they are very abstract for the purposes of OpenID.
Im guessing OpenID is applying the syntactic constraints. But, I could
well be 100% wrong on that assumption; as perhaps it's the very
semantics that are being invoked:-
Why" Well look at my example again. My example could well be an Absolute
URI.
If my example had been ldaps://127.0.0.1/... this scheme is even more
ambiguous in its formal behaviour, than ldap://127.0.0.1/... As, when
processing ldaps, a dozen http messages may get fired off too by ldaps
scheme providers and consumers, as certs and CRLS and OCSP, and OCSP
cert chains (and its CRLs or OCSP links) and HTTP1.1 caches are checked
by the SSL/PKI components of some huge vendor's ldaps scheme. If the
ldaps client got a referral to another server, even more SSL and http
activity would then occur, based on following URLs in the certs.
Presumably, at the end of the day, the OpenID assertion would be in a
custom ldap attribute.
Where Im going with this ....is that the scheme used in the Absolute URI
MAY BE treated, by an "enhanced" OpenId Authentication Requesting party,
as an "IDP discovery" scheme.
And, this seems to be a correct interpretation of the standard; and a
proper use of the auth protocol.
I just cannot tell if Im reading too much into a definition, when
crafting such a non-practical example. Im really just testing my
understanding of the definitions, trying to guage their criticality and
impact: the nice thing for the standard is, engaging in this at least
offers the text a review by a fresh pair of eyes.
-----Original Message-----
From: Drummond Reed [mailto:drummond.reed at cordance.net]
Sent: Tuesday, May 29, 2007 11:39 PM
To: Peter Williams; 'Recordon, David'; general at openid.net
Subject: RE: [OpenID] Defn of Absolute URL?
>What is an absolute URL?
>
>Is ldap://127.0.0.1/searchop=subtree,<match=attributeslist>, dn=<some
>walled garden DN> an "absolute URL"?
>
>-- understanding that if it is, the addressed resource/agent may chain
>off the search operation as a proxy, if the ldap listener is but a
>front end to a real X.500 server?
See RFC 3986, http://www.ietf.org/rfc/rfc3986.txt, section 4.3.
=Drummond
More information about the general
mailing list