[Openid-specs-ab] Normalization in the openID Simple Web discovery spec.
John Bradley
ve7jtb at ve7jtb.com
Wed Jun 15 22:05:04 UTC 2011
I think we need to clarify 3.1.
The user identifier can be one of the following:
Hostname
Email address
URL
We need to provide a rule for normalizing URL entered without a scheme.
Something like:
1 if the input contains a @ in any position other than the fist one it must be normalized as a Email Address [3.1.2]
2 Otherwise, the input SHOULD be treated as an https URL; if it does not include a "http" or "https" scheme, the Identifier MUST be prefixed with the string "https://". If the URL contains a fragment part, it MUST be stripped off together with the fragment delimiter character "#"
We want example.com and https://example.com to normalize to the same identifier.
We are also referring to OP endpoint. Should that be Authorization endpoint or something more specific?
We also need to be clear that the SWD endpoint is accessed via https:
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110615/10653bbb/attachment.html>
More information about the Openid-specs-ab
mailing list