[OpenID] Temporarily redirecting one's identity?

Kevin Turner kevin at janrain.com
Wed Jan 10 00:25:17 UTC 2007

On Sat, 2007-01-06 at 13:35 +0000, Martin Atkins wrote:
> Here's some proposed, rough descriptions of what should happen:
[snipped over 250 words on how to treat redirects]

I'm not saying you're wrong about this interpretation of HTTP --
although, as Sam pointed out, there are reasons why migrating data based
on something encountered in the discovery process gives me the willies
-- and I certainly agree that if Sam was confused about why
implementations are behaving the way there are, there needs to be some
clarification somewhere,

but my personal impulse is to say YAGNI and not make distinctions
between types of redirects in the OpenID spec.  I suspect a lot of
people don't know how to distinguish between the types of redirects, and
relying on their ability to do so, while it may be the most correct
thing to do, is not the simplest or most robust.

(It's a little strange to hear myself say this, as I certainly have fond
memories of pouring over the HTTP spec, trying to decide exactly which
status code to return.  I guess working on implementing and supporting
this stuff for a while has given me a greater appreciation for _not_
offering More Than One Way To Do It.)

and Johnny Bufu wrote:
> I read the Yadis spec the same way - it doesn't say anything about  
> redirects, or that the result of the discovery process includes the  
> URL which the XRDS describes. As an "consumer" of the spec, I take
> it  
> is left for the protocol / application that uses Yadis to define  
> whatever behavior they want -- and OpenID does that currently.

That's my interpretation as well.

More information about the general mailing list