takcy / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

IRI handling #63

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
IRIs (i.e. HTTP URIs with characters outside of the ranges defined by the 
URI RFCs) should not be accepted as user-supplied identifiers by the 
discovery package, and more generally by the openid protocol level.

Reasoning: handling of such URIs is not defined by the protocol, which can 
lead to inconsecvent encodings between libraries.

Library clients must present valid HTTP URIs to the library, and handle 
the encoding to HTTP URI-form explicitly.

Utility methods should be provided to encode/decode specific IRIs to URI 
form.

Original issue reported on code.google.com by Johnny.B...@gmail.com on 15 Jul 2008 at 8:19

GoogleCodeExporter commented 8 years ago
There doesn't seem to be an acceptable way of safely encoding IRIs to URIs for 
identity purposes.
http://www.w3.org/2003/04/iri.html

Such encoding should be done at the clients' discretion, with their choice of 
utilities / implementation, such as org.openxri.IRIUtils.

Original comment by Johnny.B...@gmail.com on 16 Nov 2012 at 1:06