<div dir="ltr">Right, we normalized to https:// when a user just typed user@host and that was a quite deliberate thing I did. It was not just left off from SWD day. We had plenty of days to review it, and I did. There were several reasons: <div>
<ol style><li style>I was not certain of what will become of acct: uri. I am still concerned that some Cool URI people may ring in at the very end and jeopardize; <br></li><li style>Minimal impact to the existing codes;</li>
<li style>Easy for the code: they can use conventional URI parser to extract userinfo, host, and port. </li><li style>There is nothing wrong with using https:// instead of acct: as far as Webfinger is concerned. </li></ol>
<div style>True, the Webfinger has in its non-normative example, acct: uri example for OpenID Connect. However, that is just an example. When we went to implementer's draft review period, we had a normative text around https://, which has no problem on our part. Switch from acct: to https:// is not an editorial errata. It is a technical change and should not be dealt with lightly from the process point of view. </div>
</div><div style><br></div><div style>Also, I cannot find the ticket which is associated with the change set <a href="https://bitbucket.org/openid/connect/commits/20ebf0461dea1daa76d63aeb824fb36dd79fd2f2">20ebf04</a>, which is a normative change after the start of the review period. Is there one? If not, we need to create it. </div>
<div><div><br></div><div style>Nat</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/7/1 John Bradley <span dir="ltr"><<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">The problem with normalizing "user@host" to "https:user@host" is mostly that simple WF servers may only match on the acct: form; it seems to be the recommended thing to normalize input to.<div>
<br></div><div>Before we made the last change in normalization rules to support "acct:", all input without a scheme was normalized to "https:". Even if we backed that out, we would still need a rule to support non-hierarchical URI like "acct:".</div>
<div><br></div><div>The bottom line is if someone types "user@host" we should have one way of converting that to a URI for WF, otherwise we are headed for interoperability issues.</div><div><br></div><div>We also need to think about what we do for RFC3541 "tel:" as it is also not hierarchical, though likely it will need some sort of meta-data service/proxy to be useful. </div>
<div><br></div><div>John B.</div><div><div class="h5"><div><br></div><div><br><div><div>On 2013-06-29, at 9:16 PM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:</div>
<br><blockquote type="cite"><div dir="auto"><div>Actually, I and John discussed this issue over Skype last night and John's response was the result of it. So my comments are included in his response. </div>
<div><br></div><div>BTW, what is the value in normalizing to acct scheme? To me, https seems perfectly fine, and would not cause the problems that Justin is getting. <br><br>=nat via iPhone</div><div><br>On Jun 30, 2013 2:17, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:<br>
<br></div><blockquote type="cite">
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Can you work on a concrete proposal to apply as errata, John? And Nat, once you’re able to think critically, maybe you could work on this as well?</span></p>
<div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><br></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> Thanks both,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> -- Mike</span></p><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><br>
</div>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> John Bradley [<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">mailto:ve7jtb@ve7jtb.com</a>]
<br>
<b>Sent:</b> Saturday, June 29, 2013 9:19 AM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> Justin Richer; <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a> List; Peter Saint-Andre<br>
<b>Subject:</b> Re: [Openid-specs-ab] Issue #856: Discovery - URI grammar definition doesn't allow acct: scheme (openid/connect)</span></p>
</div>
</div><div> <br></div><p class="MsoNormal">I think part of our problem is that in RFC3986 "host" is part of authority and authority is part of hier-part which begins with "//".</p>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">The "mailto" scheme stuffs everything into path so doesn't have an authority owing to dealing with multiple recipients (it is a complex scheme).</p>
</div>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">If "acct" was using hier-part rather than path it would simplify our job trying to normalize the various sorts of inputs for discovery.</p>
</div>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">The "acct" scheme uses ":" userpart "@" host (It defines userpart rather than reusing userinfo). While being unusual having host in a path, I am guessing it is just the ABNF, so is a different host from the one in hier-part.</p>
</div>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">I don't think the below works for generic URI without a hier-part so we would be better saying or "acct" ":" userpart "@" host.</p>
</div>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">That leaves out the mailto uri but processing rules to generically pick that apart are a real challenge, and would need to be restricted to a single recipient with no headers etc so would need its own section for that scheme specifically
if we want to support it.</p>
</div>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">There is also a problem with differentiating <a href="http://foo.org/" target="_blank">
foo.org</a>:8080 as that could be interpreted as a scheme or <a href="http://foo.org/" target="_blank">
foo.org</a> with a path of 8080 so being explicit about what schemes without hier-part are supported may be a good idea. </p>
</div>
<div><div> <br></div>
</div>
<div><p class="MsoNormal">John B.</p>
</div>
<div><div> <br></div>
</div>
<div>
<div>
<div><p class="MsoNormal">On 2013-06-29, at 7:20 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:</p>
</div><p class="MsoNormal"><br>
<br>
</p>
<div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I'd add another "or" to prevent confusion as below, but otherwise I agree with this change. Do others?</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">a URI in the form of scheme "://" authority path-abempty [ "?" query ] [ "#" fragment ]<span> </span><span style="color:red">or<span> </span></span>authority
path-abempty [ "?" query ] [ "#" fragment ]<span> </span><span style="color:red">or scheme ":" userinfo "@" host</span><span> </span>per RFC 3986 [RFC3986]</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> -- Mike</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-----Original Message-----<br>
From: <a href="mailto:openid-specs-ab-bounces@lists.openid.net" target="_blank">openid-specs-ab-bounces@lists.openid.net</a> [mailto:<a href="mailto:openid-" target="_blank">openid-</a><a href="mailto:specs-ab-bounces@lists.openid.net" target="_blank">specs-ab-bounces@lists.openid.net</a>] On Behalf Of Justin Richer<br>
Sent: Friday, June 28, 2013 6:55 AM<br>
To: <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a><br>
Subject: [Openid-specs-ab] Issue #856: Discovery - URI grammar definition doesn't allow acct: scheme (openid/connect)</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">New issue 856: Discovery - URI grammar definition doesn't allow acct: scheme<br><a href="https://bitbucket.org/openid/connect/issue/856/discovery-uri-grammar-definition-doesnt" target="_blank"><span style="color:windowtext;text-decoration:none">https://bitbucket.org/openid/connect/issue/856/discovery-uri-grammar-definition-doesnt</span></a></span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Justin Richer:</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The instructions as written in 2.1.1/2.1.2 don't actually allow for the acct: URI scheme. The acct: scheme is a non-hierarchical URI, which means it doesn't include the "//"
component, and the text currently states:</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">```</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> a URI either in the form of scheme "://" authority path-abempty [ "?" query ] [ "#" fragment ] or authority path-abempty [ "?" query ] [ "#" fragment ] per RFC 3986 [RFC3986].</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">```</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I think this needs an errata published as the intent was more like:</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">```</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> a URI in the form of scheme "://" authority path-abempty [ "?" query ] [ "#" fragment ], authority path-abempty [ "?" query ] [ "#" fragment ], **or scheme ":" userinfo
"@" host** per RFC 3986 [RFC3986].</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">```</span></p>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><br></div>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">_______________________________________________</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Openid-specs-ab mailing list</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank"><span style="color:windowtext;text-decoration:none">Openid-specs-ab@lists.openid.net</span></a></span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank"><span style="color:windowtext;text-decoration:none">http://lists.openid.net/mailman/listinfo/openid-specs-ab</span></a></span></p>
</div>
</div>
</div><div> <br></div>
</div>
</div>
</blockquote></div>
</blockquote></div><br></div></div></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</div>
</div>
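The normalization question debated in this thread, as an added Python example (not code from the thread or from the OpenID Connect specifications): it applies the three grammar forms quoted in issue #856 and shows that scheme-less "user@host" yields a different WebFinger resource depending on whether it is normalized to https:// or acct:. The names `normalize` and `same_resource`, the acct-only allowlist, and the rule that rejects other scheme-like prefixes are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: "acct" is the only scheme accepted without "//" (explicit allowlist).
NON_HIER_SCHEMES = {"acct"}
HIER_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://")
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):(.*)", re.S)
BARE_ACCT_RE = re.compile(r"[^/?#@:]+@[^/?#@:]+")


def _host_port(url):
    """Host (plus port, if any) from a URI that has an authority component."""
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("no host in %r" % url)
    return parts.hostname if parts.port is None else "%s:%d" % (parts.hostname, parts.port)


def normalize(identifier, bare_form="https"):
    """Return (resource, host) for user input.

    bare_form picks how scheme-less "user@host" is normalized, the point under
    debate in the thread: "https" -> https://user@host, "acct" -> acct:user@host.
    """
    ident = identifier.strip()
    if HIER_RE.match(ident):                  # scheme "://" authority path-abempty ...
        return ident, _host_port(ident)
    m = SCHEME_RE.fullmatch(ident)
    if m and m.group(1).lower() in NON_HIER_SCHEMES:   # scheme ":" userpart "@" host
        userpart, at, host = m.group(2).rpartition("@")
        if not (userpart and at and host):
            raise ValueError("expected userpart@host in %r" % ident)
        return ident, host.lower()
    if m and not re.match(r"\d+([/?#]|$)", m.group(2)):
        # "foo.org:8080" reads as host:port; anything else that looks like a
        # scheme outside the allowlist (e.g. mailto:) is rejected, not guessed.
        raise ValueError("unsupported scheme in %r" % ident)
    if bare_form == "acct" and BARE_ACCT_RE.fullmatch(ident):
        return "acct:" + ident, ident.rpartition("@")[2].lower()
    return "https://" + ident, _host_port("https://" + ident)  # authority path-abempty


def same_resource(identifier):
    """True when both policies yield the same WebFinger resource string."""
    return normalize(identifier, "https")[0] == normalize(identifier, "acct")[0]
```

Both policies derive the same host for "joe@example.com", so the WebFinger endpoint is identical; only the `resource` value differs, which is where a server that matches solely on the acct: form would fail to find the account.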