[OpenID] Problems with OpenID and TAG httpRange-14
Noah Slater
nslater at bytesexual.org
Tue Mar 4 18:30:25 UTC 2008
On Tue, Mar 04, 2008 at 10:25:15AM -0800, Peter Williams wrote:
> I only normalized the user input.
The OpenID spec says:
Consumers MUST canonicalize the Identifier URL, following redirects, and note
the final URL. The final, canonicalized URL is the End User's Identifier.
I think this clearly indicates that the URI must be canonicalised to "/about/".
> My SP openid engine does not know how many redirects (if any) are followed when
> locating the HTML page.
No, but according to the spec you must replace the initial URI with the final one.
As I pointed out, though I'm not sure the references got through the HTTP RFC
and the TAG httpRange-14 findings clearly show that is is incorrect behaviour.
--
Noah Slater <http://bytesexual.org/>
More information about the general
mailing list