FHIR Chat · uri rules?

what are the uri rules that the IG builder is applying? I ask because I have a use-case where an identifier (user identifier) is an X.509, made up of an X.509 path for the system ( "CN=John Miller,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US" ), and an X.509 for the user ("UID=kskagerb"). I converted the X.509 of the system to an "ldap://" url; which included url encoding, but the builder complains

      "who" : {
        "identifier" : {
          "system" : "ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS",
          "value" : "UID=kskagerb"
        }
      },

validation error is

Identifier.system must be an absolute reference, not a local reference

Lloyd McKenzie (Dec 15 2021 at 21:56):

Needs to start with http: or https: I think

John Moehrke (Dec 15 2021 at 22:01):

that is a URI rule?

John Moehrke (Dec 15 2021 at 22:01):

urn: works

Vassil Peytchev (Dec 15 2021 at 22:04):

It is probably a problem with the validator, I would be surprised if an LDAP URL had been tried before.
The datatype of system is URI, which is any URI, and ldap:// is a valid URI and URL scheme, but has an unusual format after that (hence the three slashes).

Vassil Peytchev (Dec 15 2021 at 22:07):

Nevertheless, I think the actual value of the X.509 path is not appropriate for system.
if it were just "O=HITS,L=Melbourne,ST=FL,C=US" then maybe...

John Moehrke (Dec 15 2021 at 22:16):

I figured I needed to encode the X.509 path, and I found documentation on the internet about use of ldap://; and it indicated that where there is no ldap addressable hostname the convention was to use ldap:///