[OpenID] Calling OpenID 2.0 editors (was RE:Problems with OpenID and TAG httpRange-14)

Peter Williams pwilliams at rapattoni.com
Thu Mar 6 00:53:29 UTC 2008


And what are those semantics for a 301?

That a website or some proxy gets to claim to an RP that one's permanent openid has been permanently re-provisioned?

Of course it hasn't.

What is supposed to happen - the user input in the state vector of the RP changes, due to a 301 redirect? So the "permanent" value is shown as the user's openid once openid auth has completed?

Surely not. But that is what following HTTP resource-centric semantics would mean.



From: Manger, James H
Sent: Wed 3/5/2008 4:48 PM
To: general at openid.net
Subject: Re: [OpenID] Calling OpenID 2.0 editors (was RE:Problems with OpenID and TAG httpRange-14)


Earlier emails on this topic:
1. [Jan 2007] Temporarily redirecting one's identity?
   http://openid.net/pipermail/general/2007-January/000946.html
2. [Nov 2007] "303 See Other" should not change Claimed ID
   http://openid.net/pipermail/general/2007-November/003681.html

The 2nd of these emails makes exactly the same argument as Noah,
with a few other wrinkles. It was ignored :-(

The 1st, by Sam Ruby, provides a use-case for using redirects
but not changing the claimed id.

My guess for why OpenID does not obey HTTP 303 semantics is simple
oversight. The semantic distinction between 303 (See Other) and other
redirects (permanent or temporary: 301, 302, 307) was probably not raised at
the time the text was written (in OpenID 1.x or Yadis?). After that point,
a fix is not backwardly compatible; it adds a little complexity to code;
and is not crucial for the use of OpenID. As a result a fix has not
garnered enough support from an editor to make a change. There is
considerable resistance to change when the authors are trying to finalize
a spec, and probably even more resistance after it has been released
(e.g. now).

I would still like to see a fix. I suspect very few existing OpenIDs use
303, and those that explicitly chose it are likely to want its specific
HTTP semantics.

James Manger
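
Added example, not part of either email above: the two ways of deriving a Claimed Identifier that the thread contrasts, run over a constructed redirect chain. OpenID 2.0 notes the final destination URL after all redirects as the Claimed Identifier; the 303-aware variant implements the change argued for in the thread. The function names and sample URLs are hypothetical, and treating every hop after a 303 as belonging to the other resource is an assumption.

```python
from urllib.parse import urljoin

REDIRECTS = {301, 302, 303, 307}  # the status codes named in the thread


def walk(start, responses):
    """Yield (status, from_url, to_url) for each redirect hop.

    `responses` maps a URL to (status, Location-or-None); it stands in for
    the network so the example runs offline.
    """
    url, seen = start, set()
    while url in responses and responses[url][0] in REDIRECTS:
        if url in seen:
            raise ValueError("redirect loop at " + url)
        seen.add(url)
        status, location = responses[url]
        nxt = urljoin(url, location)  # Location may be relative
        yield status, url, nxt
        url = nxt


def claimed_id_final_url(start, responses):
    """OpenID 2.0 behaviour: the final destination URL is the Claimed Identifier."""
    url = start
    for _status, _src, dst in walk(start, responses):
        url = dst
    return url


def claimed_id_303_aware(start, responses):
    """Proposed behaviour: 301/302/307 move the identifier, a 303 does not.

    Assumption: hops after a 303 belong to the other resource, so the
    identifier stops moving at the first 303.
    """
    url = start
    for status, _src, dst in walk(start, responses):
        if status == 303:
            break
        url = dst
    return url


# Constructed sample: a vanity URL 301s to a canonical one, which 303s to a
# separate document that carries the discovery information.
SAMPLE = {
    "http://example.org/me": (301, "/id/alice"),
    "http://example.org/id/alice": (303, "http://docs.example.net/alice.xrds"),
    "http://docs.example.net/alice.xrds": (200, None),
}
```

With the sample chain, the final-URL rule hands the identity to whichever host the 303 points at, while the 303-aware rule keeps it at the URL that issued the 303. A relying party that logs each hop's status alongside the resulting Claimed Identifier can see when a redirect, rather than the user, changed the identifier.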