[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)

Johnny Bufu johnny at sxip.com
Thu Mar 13 01:59:09 UTC 2008 

On 12-Mar-08, at 6:52 AM, Brendan Taylor wrote:

> On Mon, Mar 10, 2008 at 10:25:35AM -0700, Johnny Bufu wrote:
>>
>> On 6-Mar-08, at 11:44 AM, Noah Slater wrote:
>>
>>> It's not an assumption, it's bordering on the absurd that I have
>>> requote:
>>>
>>> RFC 2616 § 10.3.4:
>>>
>>>   The new uri is not a substitute reference for the originally
>>> requested resource.
>
>> By your reasoning, if URL-1 303-redirects to URL-2, which in turn
>> sends a "welcome to URL-2" in the HTML body, a browser fetching
>> URL-1 SHOULD (or MUST?):
>>
>> - display URL-1 in the location bar
>> - parse the HTML content and replace every appearance of URL-2 with
>> URL-1
>> - etc.
>
> Yup, that's clearly absurd. Either the editors of the RFC were off  
> their
> rockers, or you're misinterpreting the spec. :)

Agreed, except for the fact that it is not my interpretation -- I was  
applying Noah's (and yours) to browsers.

> There's a subtle distinction that I think you're missing.
>
> When a server sends a 301 Moved Permanently, it's saying "I know the
> document you're talking about. It's moved to <Location>."
>
> When a server sends a 303 See Other, it's saying "I know the thing
> you're talking about. You can get a document about it at <Location>."
>
> When the HTTP RFC says URL-2 shouldn't be substituted for URL-1, it's
> talking about URLs as identifiers. Browsers don't deal in identifiers,
> they deal in documents;

> a browser's location bar shows the URL of the
> document it's displaying, not the URL of the thing that the  
> document is
> about.

Similarly, the Claimed ID is the ID that is being claimed, not the ID  
on which OpenID discovery was initiated (which was the User-supplied  
ID).

Browsers do "deal in identifiers" though -- why would they bother to  
display any kind of URL in the location bar otherwise? "URL of the  
document it's displaying" sounds to me like identification. Wher  
browsers have "location", OpenID has "claimed_id".

> OpenID, on the other hand, deals in identifiers. The documents  
> involved
> are just a convenient way of figuring out what identifiers to use.
>
> The URL <http://bytesexual.org/> identifies a person.

Not according to the current OpenID discovery rules and the URL's  
configuration. Considering these facts, your statement above is no  
more than an intention, not yet materialized.

----

I feel that we (or at least I) have exchanged enough replies on this  
to topic. The claims that "OpenID is broken, it violates HTTP's  
recommendations" are false in my opinion; I have argued why, and  
haven't seen convincing counter-arguments or new evidence to support  
these claims. So I'll rest my case, and let others weigh in their  
opinion as well.


Johnny

More information about the general mailing list