[OpenID] URL normalization and capitalization
Peter Williams
pwilliams at rapattoni.com
Tue Aug 5 03:41:42 UTC 2008
The openid URI (limited to HTTP and HTTPS, by profiling) is surely "for discovery" - either URL resolution (as defined by HTTP) or XRI resolution. It's not the claimedID being tested by the RP (and later affirmed by the OP).
Of course, the claimedID could look like a URI. But isn't it formally an opaque type (effectively: byte[])?
If claimedID is essentially a byte array, then, obviously, any two values (with identical encodings) are indeed different ...if any one bit is different. It is intended to act as a "primary key", after all.
NB I have not read the spec in 6 months and have thus forgotten most of the formalisms used. I'm going on intuition and memory of the "intended mental model", when making these assertions. More than happy ... to be corrected.
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of SitG Admin
Sent: Monday, August 04, 2008 8:21 PM
To: Dick Hardt
Cc: general at openid.net
Subject: Re: [OpenID] URL normalization and capitalization
>paths are case sensitive.
That's unpleasantly inconsistent, then. The protocol also treats
HTTP://USER.SITE.COM as different from HTTPS://USER.SITE.COM, doesn't
it?
Does anyone here know of ANY site that assigns similar URI's to
different users like this? Being the same URI with only
capitalization or SSL different?
If we don't know any, I suggest that the reassurance of being able to
treat them identically be valued over the possibility that, sometime
in the future, a site might do so.
-Shade
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list