[OpenID] Temporarily redirecting one's identity?

[Sam Ruby]

Martin Atkins wrote:
> 
> I don't remember the reason why a temporary redirect was made equivalent 
> to a permanent one, but this was discussed on a previous occasion. 
> Perhaps someone can dig up the relevant thread in the archives.

If it is the case that 301 and 302 are intended to be treated the same, 
then I would suggest that the document should make this clearer, 
particularly as this is contrary to the HTTP specification.

> At this point we probably can't make this change due to existing 
> implementations (though admittedly they do seem to be inconsistent right 
> now), so perhaps we could instead use a "307 Temporary Redirect"[2] 
> response and retain the existing meaning of 301 and 302. I note that 
> Apache's Redirect directive *is* able to generate this response code. 
> However, I fear that existing implementations might fail when faced with 
> this previously-undefined response code. Yadis is already "finished", so 
> it might be too late to add this in now.

I am of the belief that the only things that are "finished" are things 
that no longer have any value.  Every "living" protocol has an errata 
process, and in the fullness of time, I am confident that this period 
will be viewed as the early days of YADIS.

That being said, I rather like the 307 suggestion as it implied an 
intentionality that isn't always the case with 302.  I personally don't 
need other fallbacks, the non-XRDS openid link is sufficient for my 
needs.  I merely want to lay the groundwork for a more forward thinking 
solution for when I need it; given the existing fallback, I'm not overly 
concerned that it will not have 100% support on day one.

- Sam Ruby