[OpenID] Temporarily redirecting one's identity?
Sam Ruby
rubys at intertwingly.net
Thu Jan 4 20:06:51 UTC 2007
Martin Atkins wrote:
>
> I don't remember the reason why a temporary redirect was made equivalent
> to a permanent one, but this was discussed on a previous occasion.
> Perhaps someone can dig up the relevant thread in the archives.
If it is the case that 301 and 302 are intended to be treated the same,
then I would suggest that the document should make this clearer,
particularly as this is contrary to the HTTP specification.
> At this point we probably can't make this change due to existing
> implementations (though admittedly they do seem to be inconsistent right
> now), so perhaps we could instead use a "307 Temporary Redirect"[2]
> response and retain the existing meaning of 301 and 302. I note that
> Apache's Redirect directive *is* able to generate this response code.
> However, I fear that existing implementations might fail when faced with
> this previously-undefined response code. Yadis is already "finished", so
> it might be too late to add this in now.
I am of the belief that the only things that are "finished" are things
that no longer have any value. Every "living" protocol has an errata
process, and in the fullness of time, I am confident that this period
will be viewed as the early days of YADIS.
That being said, I rather like the 307 suggestion as it implied an
intentionality that isn't always the case with 302. I personally don't
need other fallbacks, the non-XRDS openid link is sufficient for my
needs. I merely want to lay the groundwork for a more forward thinking
solution for when I need it; given the existing fallback, I'm not overly
concerned that it will not have 100% support on day one.
- Sam Ruby
More information about the general
mailing list