<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Yes you don't need expires. HTTP caching semantics are probably fine for you.<div><br></div><div><br><div><div>On 2012-02-06, at 3:37 PM, Justin Richer wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000">
But "expires" is optional, so you can have a permanent, static file.
That's the same kind of thing that we'd be using here, due to
similar domain-level site ownership issues.<br>
<br>
-- Justin<br>
<br>
On 02/06/2012 01:25 PM, George Fletcher wrote:
<blockquote cite="mid:4F301B1E.20409@aol.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
Hi,<br>
<br>
I just found out that our XRD/Webfinger support in production is
broken. This boils down to deployment issues for me since the
owner of the <a href="http://aol.com">aol.com</a> domain is the portal team, not the identity
team. As more and more specs are putting files in /.well-known I'm
looking for solutions that are less brittle that what I have right
now. With that context, is it acceptable to deploy a static file
to <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://aol.com/.well-known/simple-web-discovery">https://aol.com/.well-known/simple-web-discovery</a>
that returns...<br>
<br>
<pre class="newpage"> {
"SWD_service_redirect":
{
"location": <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="https://api.screenname.aol.com/swd_server">"https://api.screenname.aol.com/swd_server"</a>,
"expires": 1300752001
}
}</pre>
That static file would ignore the query parameters though they
will be logged. Note that if the SWD request is for an @aim.com
domain the JSON response will be the same. <br>
<br>
<pre class="newpage"> GET /.well-known/simple-web-discovery
?principal=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="mailto:joe@aim.com">mailto:joe@aim.com</a>
&service=urn:example.org:service:calendar HTTP/1.1
Host: <a href="http://aim.com">aim.com</a>
HTTP/1.1 200 OK
Content-Type: application/json
{
"SWD_service_redirect":
{
"location": <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="https://api.screenname.aol.com/swd_server">"https://api.screenname.aol.com/swd_server"</a>,
"expires": 1300752001
}
}
</pre>
<br>
I'm assuming there are no trust chain issues if the redirect
location does NOT match the root domain of the original request.<br>
<br>
Finally, the expiration field is going to cause me problems. I
really would like the file to be static, but the client to requery
every n hours/days/weeks. This could be done using HTTP expiration
semantics. However, I don't have a deployment solution that allows
me to update the file on a fixed interval. I'll keep exploring
options to make it more dynamic, but the dynamic flow I have right
now has been broken twice by config upgrades.<br>
<br>
Thanks,<br>
George<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-specs-ab<br></blockquote></div><br></div></body></html>