[OpenID] Problems with OpenID and TAG httpRange-14
Johnny Bufu
johnny at sxip.com
Thu Mar 6 14:09:16 PST 2008
On 4-Mar-08, at 11:51 AM, Noah Slater wrote:
> On Tue, Mar 04, 2008 at 02:09:49PM -0500, John Kemp wrote:
>> I don't think it's incorrect to use the final, canonical URI as an
>> identifier for the OpenID user.
>
> RFC 2526 disagrees with you:
>
> The response to the request can be found under a different URI and
> SHOULD be retrieved using a GET method on that resource. This method
> exists primarily to allow the output of a POST-activated script to
> redirect the user agent to a selected resource. THE NEW URI IS NOT A
> SUBSTITUTE REFERENCE FOR THE ORIGINALLY REQUESTED RESOURCE.
>
> Also, I disagree your use of the word canonical, it is only
> canonical insofar
> as it is a misinterpretation of HTTP 1.1 redirection.
With OpenID, the "originally requested resource" is the User-supplied
Identifier (see Terminology[1]).
The result of the OpenID normalization[2] and discovery[3] is a set
defined as Discovered Information[2], which includes a Claimed
Identifier (also defined under Terminology[1]).
The second is not a substitute for the first one. Rather, the first
one is used as a means (possibly shortcut) to get to the second one.
Johnny
[1] http://openid.net/specs/openid-authentication-2_0.html#terminology
[2] http://openid.net/specs/openid-authentication-2_0.html#normalization
[3] http://openid.net/specs/openid-authentication-2_0.html#discovery
[4] http://openid.net/specs/openid-
authentication-2_0.html#discovered_info
More information about the general
mailing list