[OpenID] Problems with OpenID and TAG httpRange-14

Noah Slater nslater at bytesexual.org
Tue Mar 4 17:18:58 UTC 2008 

Hello again,

Firstly, sorry for the double post, the OpenID.net homepage does not
clearly indicate that specs at openid.net is a mailing list. However, it has come
to my attention that the mailing list software has truncated my message

  http://openid.net/pipermail/general/2008-March/004217.html
  http://openid.net/pipermail/specs/2008-March/002219.html

For the reference of people using mailman's web interface and incase the
mailing list software truncated the emails as well I had originally cited the
following references:

>From the OpenID specification [1]:

  Consumers MUST canonicalize the Identifier URL, following redirects, and note
  the final URL. The final, canonicalized URL is the End User's Identifier.

>From RFC2616 [2] (emphasis added in upper case):

  10.3.4 303 See Other

  The response to the request can be found under a different URI and
  SHOULD be retrieved using a GET method on that resource. This method
  exists primarily to allow the output of a POST-activated script to
  redirect the user agent to a selected resource. THE NEW URI IS NOT A
  SUBSTITUTE REFERENCE FOR THE ORIGINALLY REQUESTED RESOURCE. The 303
  response MUST NOT be cached, but the response to the second
  (redirected) request might be cacheable.

>From the TAG's findings [3] (emphasis added in upper case):

  According to the HTTP specification, a response code of 303 indicates that
  "the response to the request can be found under a different URI ...". It
  provides the URI where we can look for that response. It's worth noting that
  although 303 has the role of redirecting user agents after script processing
  following POST requests, the specification does not limit it to that role.

  Importantly, the specification also states that "The new URI is not a
  substitute reference for the originally requested resource." IN OTHER WORDS,
  RESPONSES CONTAINING THIS CODE DIRECT US TO RELATED MATERIAL. IF WE
  DEREFERENCE THE SUPPLIED URI AND RECEIVE A REPRESENTATION, IT IS CLEAR THAT
  THE REPRESENTATION RELATES TO THE URI WE WERE GIVEN IN THE 303 RESPONSE, AND
  NOT TO THE URI THAT LED TO THE 303 RESPONSE. IN PARTICULAR, WE'RE NOT BEING
  MISLEAD INTO THINKING THAT THE ORIGINAL URI ITSELF HAS REPRESENTATIONS.

I am sorry if this information has reached you twice now.

Thanks,

--
Noah Slater <http://bytesexual.org/>

More information about the general mailing list