Comparing robots.txt with an XRD is like comparing "apples with oranges". Can you do better than that? Cacheing robots.txt is not the same as cacheing an XRD. I will explain.<div>If my browser wants to cache all my XRD's. This is a real possibility. I may have XRD's at Google, Yahoo, Microsoft and "my own" host. The only way you can differentiate between all these XRD's is if the XRD;'s have a <Subject>.<br>
<br><div class="gmail_quote">On Wed, Oct 21, 2009 at 9:28 PM, Breno de Medeiros <span dir="ltr"><<a href="mailto:breno@google.com">breno@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Wed, Oct 21, 2009 at 8:47 AM, Santosh Rajan <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>> wrote:<br>
> This is further to my post "Open Challenge to webfinger, XRD". The post has<br>
> grown in all directions. So I would like to put my arguments in a nutshell.<br>
><br>
> The idea of an XRD without a Subject is unacceptable for the following<br>
> reasons.<br>
> 1) XRD without <Subject> is a security risk. If nothing, it makes life<br>
> easier for the "Man in the middle attacker".<br>
<br>
</div>Not necessarily all applications are security sensitive. Think about<br>
robots.txt. Does it have a Subject? No. Does it introduce security<br>
vulnerabilities? No. Is it metadata about something? Yes.<br>
<div class="im"><br>
> 2) Cacheing of XRD's is thrown out of the window. You can't cache XRD's<br>
> without a <Subject>. I firmly believe that Cacheing of XRD's will be a "BIG<br>
> THING". Applications "IN THE KNOW OF XRD's" will deifinitely like to cache<br>
> XRD's. It will definitely speed up the discovery process.<br>
<br>
</div>No. Lack of a subject does not prevent anyone from caching robots.txt<br>
and will not prevent anyone from caching XRDs. Indeed, caching XRD<br>
works completely independent of the Subject. For instance, if a<br>
client follows a sequence of cacheable redirects and gets an XRD<br>
document, it should be able to retrieve the XRD from cache next time<br>
it discovers the same resource (regardless of whether the resource is<br>
also the Subject of the XRD, an Alias listed in the XRD or if the XRD<br>
has no Subject).<br>
<div class="im"><br>
> 3) I am seeing the real possibility that applications will be developed<br>
> where users can "save" their XRD's locally. Further, users may be able to to<br>
> upload their XRD's to sites that require it. All this will require a<br>
> <Subject>.<br>
<br>
</div>No, it doesn't. See robots.txt<br>
<br>
<br>
<br>
--<br>
<font color="#888888">--Breno<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>
</div>