Server-to-server channel
Martin Atkins
mart at degeneration.co.uk
Wed Apr 4 17:50:49 UTC 2007
Chris Drake wrote:
> Hi Martin,
>
> You wrote
> MA> The "age" of the information needs to be taken into account here.
>
> When the information (rightly) lives at the OP instead of the RP, none
> of that age complexity exists.
>
> It's *my* name. It's *my* credit card. If any RP wants this info, make
> them come to me (my OP) and get it. Let me say "no". Let me know each
> time they ask. But most importantly, let me (my OP) provide the
> correct, updated info each time the RP wants it.
>
I think you're kidding yourself if you believe that RP's won't cache the
information they obtain.
For some things it's legitimate: they need to store your name because
otherwise they'd need to talk to your OP (via you!) every time they
render a page containing something attributed to you.
For other things it's more dubious than that, but the fact that it is
technically possible means that at least some RP's will do it. I think
it'd be a mistake to write the spec under the assumption that they won't
unless we're going to include something that prevents it.
More information about the specs
mailing list