Google App Account as OpenID

Scroll down for English.

這是我今天在高雄 MozTW 連續聚的講題:Google Apps 帳號 OpenID 化,或是說,用 Google Apps 把網域升級成 OpenID 帳號提供者。

同時提供英文版投影片


This is my talk in MozTW gathering at Kaohsiung today: Google Apps Account as OpenID, or, OpenID-ize your domain with Google Apps.

Slides are also available in zh-TW.

URL Normalization and Domain Name Trailing Dot

I was playing around with OpenID recently. I found that

http://timc.idv.tw/

and

http://timc.idv.tw./

are actually two distinct OpenID identifies. First I thought it was a flaw in the implementation library, however after checking URL normalization rules in OpenID specification, and RFC 3986 it referred to, I realized that people who write the specs has never consider the trailing dot in domain names; they think people should just leave the hostname as-is, without adding nor striping the dot.

Yes, they are indeed different as described in RFC 1034: The trailing dot represent the DNS root, indicated that hostname specified is a complete full qualified domain name (FQDN); the other being an incomplete one, where local software (e.g. OS-level DNS service) can try to complete it with knowledge of the local domain (e.g. primary DNS suffix). Yet for a URL that identifies people (“OpenID”, dah!), I think it’s strange to accept an incomplete domain name – nor indicate in the spec that an incomplete domain name (by definition of RFC 1034) should be treated as a FQDN.

Maybe future spec or RFCs should address this issue.

See also: Trailing Dots in Domain Names