[cgiapp] Re: what i'd like to be doing: new authn/authz thoughts

A. Pagaltzis pagaltzis at gmx.de
Fri Oct 19 19:40:44 EDT 2007


* Michael Peters <mpeters at plusthree.com> [2007-10-20 01:30]:
> Ricardo SIGNES wrote:
> > I want to do Stuff with OpenID. The way I see it, your OpenID
> > right now can only replace your password, not your username,
> > in many applications. That's because you want to be able to
> > say:
> > 
> >   http://some.web.app/user/USERNAME/whatever
> > 
> > Putting your OpenID, which is a URL, where "USERNAME" appears
> > is just weird.
> 
> Putting your login name into a URL is also weird. Your username
> is part of your credentials, so why are they in the URL?

Because there’s not a single user in the system to which you gain
access using $N different credentials. There are $N different
users, and so each of them should have their own URI. It’s simply
good REST design: don’t conflate multiple resources behind a
single URI. It robs you of the opportunity to refer to any one
of them in its own right.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>

