Problems with OpenID and TAG httpRange-14
Noah Slater
nslater at bytesexual.org
Thu Mar 20 11:40:10 UTC 2008
On Wed, Mar 19, 2008 at 08:59:24PM -0700, Johnny Bufu wrote:
> Yes, it is.
[snip]
> The new claimed_id URL is the address of the discovered information
> (which is of interest to the RPs in this case).
No, it really isn't.
Your argument, as far as I understand it, is that HTTP redirects imply the
original URI has an identity relationship final URI. You are using the example
of the address bar in a browser to illustrate this, i.e. "I type in X and
eventually it changes to Y, so X must equal Y."
This is of course false, as explicitly stated in the HTTP specification:
RFC 2616 § 10.3.3 302 Found
The requested resource resides temporarily under a different URI.
Since the redirection might be altered on occasion, the client SHOULD
continue to use the Request-URI for future requests.
RFC 2616 § 10.3.4 303 See Other
The response to the request can be found under a different URI and
SHOULD be retrieved using a GET method on that resource. This method
exists primarily to allow the output of a POST-activated script to
redirect the user agent to a selected resource. The new URI is not a
substitute reference for the originally requested resource.
RFC 2616 § 10.3.8 307 Temporary Redirect
The requested resource resides temporarily under a different URI.
Since the redirection MAY be altered on occasion, the client SHOULD
continue to use the Request-URI for future requests.
In each case it is explicit that the new URI is not a replacement for the
original URI (303 See Other) or is only a temporary replacement for the
original URI (302 Found, 307 Temporary Redirect).
To argue that because a web browser follows redirects these semantics must not
be true is a gross over-simplification of the facts.
Thanks,
--
Noah Slater <http://bytesexual.org/>
More information about the specs
mailing list