
Draft-029


Motivation

If a Relying Party receives a URL1 character string as a claimed identity, but the verified identity is URL2, under which circumstances should the Relying Party accept URL2 as equivalent to URL1?

Examples:

  • Do http://example.com/joe and http://example.com/joe/ refer to the same identity?
  • Do http://example.com/joe and http://example.com:80/joe refer to the same identity?
  • Do http://example.com/joe and https://example.com/joe refer to the same identity?

Different Yadis / OpenID / LID implementations have made different assumptions about some of these cases, which has already caused some interoperability problems (informally resolved since). The objective of this proposal is to clarify the rules.

This is not a change proposal for the Yadis 1.0 specification. Instead, we should consider it a separate proposal that may or may not be incorporated into a future Yadis 1.1 spec, if there is ever such a thing.

I also realize that some provisions in this proposal may be controversial. If so, the Discussion page is your friend ;-)


Algorithm

To determine whether or not URL1 and URL2 refer to the same identity, URL1 and URL2 are run through the following canonization algorithm. If and only if canon(URL1) and canon(URL2) are identical character strings, a relying party is allowed to consider them the same identity.

This algorithm only covers URLs with fully-qualified domain names in the host component; identity URLs whose host components are not fully-qualified are generally discouraged, and out of scope for this algorithm. Also, identity URLs with more than one query parameter (e.g. http://example.com/foo?a=b&c=d) are strongly discouraged and out of scope for this algorithm.

  1. if the URL is internationalized (i.e. an IRI), replace it with its URI form. E.g. http://www.atemschutzunfälle.de/ becomes http://www.xn--atemschutzunflle-7nb.de/
  2. if the protocol is https, replace the protocol with http.
  3. a URL that specifies port 80 or 443 (e.g. http://example.com:80/joe) will be converted to a URL that does not specify a port (e.g. http://example.com/joe).
  4. all characters in the host component are converted to lower case.
  5. all components of the path must be unescaped to the maximum extent possible, provided that no substring is unescaped more than once. For example, if a URL contained %41 as a character, this character needs to be replaced by its unescaped version A. However, if a URL contained %2541, it needs to be replaced by %41, NOT by A. Similarly, if a URL contained %20, for the purposes of comparison this character needs to be replaced by a space. If the URL's query component contains a +, it needs to be replaced by a space.
  6. any trailing slash is discarded. For example, the URL http://example.com/joe/ would be replaced by http://example.com/joe. This conversion is performed even for URLs that refer to the top resource on a host (e.g. http://example.com.) Note that this is only for comparison purposes.

If at the end of this algorithm, the resulting character strings are identical, the two URLs are identical for Yadis purposes.
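The six steps above as a Python sketch. This is an added example, not code from the Yadis project; the names canon and same_identity, the "host contains a dot" test for a fully-qualified name, the restriction to http/https, and keeping any fragment verbatim are assumptions of the example.

```python
from urllib.parse import urlsplit, unquote


def canon(url: str) -> str:
    """Comparison form of an identity URL, following steps 1-6 above."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit already lower-cases the host (step 4)

    # Out-of-scope inputs are rejected rather than guessed at. Assumptions of
    # this example: only http/https are accepted, "fully qualified" is
    # approximated as "contains a dot", and "&" marks a second query parameter.
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {url!r}")
    if "." not in host.strip("."):
        raise ValueError(f"host is not fully qualified: {url!r}")
    if "&" in parts.query:
        raise ValueError(f"more than one query parameter: {url!r}")

    # Step 1: IRI host -> URI (Punycode) form; ASCII hosts pass through.
    host = host.encode("idna").decode("ascii")
    # Steps 2 and 3: the scheme is always written as http, and ports 80 and
    # 443 are dropped; any other explicit port is kept.
    netloc = host if parts.port in (None, 80, 443) else f"{host}:{parts.port}"
    # Step 5: exactly one unescaping pass, so %2541 becomes %41 and never A.
    path = unquote(parts.path)
    query = parts.query.replace("+", " ")
    # Step 6: discard one trailing slash, including the root "/".
    if path.endswith("/"):
        path = path[:-1]

    result = f"http://{netloc}{path}"
    if query:
        result += "?" + query
    if parts.fragment:  # fragments are not covered by the page; kept verbatim
        result += "#" + parts.fragment
    return result


def same_identity(url1: str, url2: str) -> bool:
    """True only if both URLs canonicalize to the identical string."""
    return canon(url1) == canon(url2)
```

The value returned by canon() is only a comparison key: it always carries the http scheme, so it does not record whether the identity was originally given or verified over https.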

Protocols that use the Yadis framework may assume additional equality rules. For example, a protocol may consider http://xri.net/=Example to be equivalent to http://xri.example.net/=Example for its own purposes, even if Yadis considers these two URLs to be different.














