On 11-Feb-06, at 3:17 PM, Eric Rescorla wrote:

Use of Javascript
Section 5.10.2.1 reads:

The Membersite sends a fetch-request message to the Homesite through
   the User's client via a redirected HTTP POST to their Homesite
   Endpoint URL using JavaScript to autosubmit the form.

I appreciate the rationale for this: you want things to work with
dumb clients but given that Javascript isn't any kind of IETF
standard--it's hard to see how we could require it in an IETF
standard. ECMAScript, perhaps. Even then, specifying this kind
of implementation detail is the kind of thing that IETF typically
stays out of. I appreciate that this is also a wire protocol issue,
but given that there's no specification of the exact JavaScript
incantation, it's not clear it makes sense to specify only
the language.

The protocol works without the ECMAScript; the user would need to click another button to continue on with the exchange. The ECMAScript provides a more seamless user experience since a POST cannot be redirected, and we did not want to limit the data to what could sit on a URL, and, as well, did not want the data to have to be exposed by being on a URL. As noted in another email, an enhanced browser does not need the ECMAScript. We see this as a bootstrap method.

wrt. how it is positioned in the ID, I agree it is an implementation detail. How would you suggest that implementation hints like this are communicated?

-- Dick

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
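
The autosubmit POST discussed in this thread, as an added example that is not part of either message or of the draft: a Membersite-side function that builds the page, keeps the data in the POST body rather than on the URL, and falls back to a button when scripting is off. The field names and the endpoint URL are constructed, since the draft's message format is not shown here.

```javascript
// Added example. Builds the HTML page a Membersite could return so that the
// User's client POSTs a fetch-request to the Homesite Endpoint URL.
// Field names and URLs below are constructed placeholders.

// Escape text placed inside a double-quoted HTML attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

function buildAutoSubmitPage(endpointUrl, fields) {
  // Accept only an absolute https URL as the form action, so a bad value
  // cannot become a javascript: action or a cleartext http target.
  const url = new URL(endpointUrl); // throws on malformed input
  if (url.protocol !== "https:") {
    throw new Error("Homesite endpoint must be an https URL");
  }
  // Message data travels as hidden inputs (POST body), never on the URL.
  const inputs = Object.entries(fields)
    .map(([name, value]) =>
      `    <input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`)
    .join("\n");
  return [
    "<!DOCTYPE html>",
    "<html>",
    '<head><meta charset="utf-8"><title>Continue to your Homesite</title></head>',
    // With scripting enabled the form submits itself on load.
    '<body onload="document.forms[0].submit()">',
    `  <form method="post" action="${escapeHtml(url.href)}">`,
    inputs,
    // Without scripting the user clicks this button to continue the exchange.
    "    <noscript>",
    '      <button type="submit">Continue</button>',
    "    </noscript>",
    "  </form>",
    "</body>",
    "</html>",
  ].join("\n");
}

// Constructed sample input.
const samplePage = buildAutoSubmitPage("https://homesite.example/endpoint", {
  "message-type": "fetch-request",
  "return-note": 'a"b<c',
});
console.log(samplePage);
```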
