[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)
Manger, James H
James.H.Manger at team.telstra.com
Thu Mar 6 00:48:49 UTC 2008
Earlier emails on this topic:
1. [Jan 2007] Temporarily redirecting one's identity?
http://openid.net/pipermail/general/2007-January/000946.html
2. [Nov 2007] "303 See Other" should not change Claimed ID
http://openid.net/pipermail/general/2007-November/003681.html
The 2nd of these emails makes exactly the same argument as Noah,
with a few other wrinkles. It was ignored :-(
The 1st, by Sam Ruby, provides a use-case for using redirects
but not changing the claimed id.
My guess for why OpenID does not obey HTTP 303 semantics is simple
oversite. The semantic distinction between 303 (See Other) and other
redirects (permanent or temporary: 301, 302, 307) was probably not raised at
the time the text was written (in OpenID 1.x or Yadis?). After that point,
a fix is not backwardly compatible; it adds a little complexity to code;
and is not crucial for the use of OpenID. As a result a fix has not
garnered enough support from an editor to make a change. There is
considerable resistance to change when the authors are trying to finalize
a spec, and probably even more resistance after it has been released
(eg now).
I would still like to see a fix. I suspect very few existing OpenIDs use
303, and those that explicitly chose it are likely to want its specific
HTTP semantics.
James Manger
More information about the general
mailing list