[OpenID] Calling OpenID 2.0 editors(wasRE:ProblemswithOpenIDand TAG httpRange-14)

Noah Slater nslater at bytesexual.org
Fri Mar 14 11:42:43 UTC 2008 

On Thu, Mar 13, 2008 at 12:45:09PM -0700, Drummond Reed wrote:
> Noah, as Eddy points out, if you consider this a problem, you can fix this
> by instructing your OP to return <http://bytesexual.org/> as your
> claimed_id.

As I have previously replied in this thread, this is false if the OpenID
specification specifically requires URIs to be canonicalised in this way.

Am I correct in my understanding that this canonicalisation is part of the spec?

> I continue to believe that when you say, " All this talk of XRIs, URNs and
> URLs is beside the point...", you are missing the point that, when it comes
> to identifying a real-world user, OpenID is dealing with a level of abstract
> identifiers that operate on top of the layer of concrete identifiers used at
> the HTTP protocol level.

Can you provide me with a citation from a standards body that explains or
specifies the difference between abstract and concrete identifiers. In my
experience of WebArch I have not come across any distinction between abstract
and concrete identifiers and the HTTP RFC makes no such provisions.

> The fact that you can fix the problem you described by instructing your OP to
> assert a different identifier than the one your RP is ultimately redirected to
[snip]

As previously mentioned, I can not reasonably be expected to ask my OP to break
the OpenID specification at my whim if my understanding is correct that this is
an explicit part of OpenID.

> is an example of how synonyms at the abstract identifier level do not
> necessarily reflect redirects or other semantics at the HTTP level.

If I understand this correctly you are talking about "synonyms" of identifiers
at the OpenID level and how this does not match with the semantics of
identifiers at the HTTP level.

Yes, this is exactly my point. Where you see an explanation for the behaviour I
see a problem. The OpenID concept of synonyms should match the low-level
semantics of the protocols and standards that it builds upon.

--
Noah Slater <http://bytesexual.org/>

More information about the general mailing list