On 19-Mar-08, at 6:42 PM, Manger, James H wrote:
> [Aside: Browsers displaying the new URL in the address bar after a
> 303 See Other is not a counter-example.
Yes, it is.
> The new URL is the address of the displayed response.
The new claimed_id URL is the address of the discovered informatio
As confusing as HTTP redirect semantics might be, I am confident that
you will not find anyone that deliberately chooses to return a 303 See Other
without explicitly wanting to keep the original URL as the "identity" and
the new URL as merely a (stable, cachable) location for the current response
(
Out on the Wiki is a discussion on creating a WS-Security profile to
support OpenID. Is anyone planning on taking this further?
*
This communication, including attachments, is
for the exclusive use of addressee and may conta
On Wed, 2008-03-19 at 23:54 +0900, James Henstridge wrote:
> The fact that some sites incorrectly resolved the redirect to
> "/about/" is probably due to the non-standard response headers for
> http://bytesexual.org/ -- it contains a relative URI reference in the
> location header, while the spec r
On 19-Mar-08, at 2:51 AM, Noah Slater wrote:
> On Tue, Mar 18, 2008 at 07:54:20PM -0700, Kevin Turner wrote:
>> A request for an OpenID Identifier SHALL NOT issue a 303 response.
>
> This is even worse and also backwards incompatible. All the OpenIDs
> that
> currently use 303 redirects, includ
On 19/03/2008, Noah Slater <[EMAIL PROTECTED]> wrote:
> On Wed, Mar 19, 2008 at 08:43:46PM +0900, James Henstridge wrote:
> > > Given two backwards incompatible changes I hardly see how one which
> breaks
> > > existing OpenIDs is favourable to one which changes how some are
> handled.
> >
>
On Wed, Mar 19, 2008 at 08:43:46PM +0900, James Henstridge wrote:
> > Given two backwards incompatible changes I hardly see how one which breaks
> > existing OpenIDs is favourable to one which changes how some are handled.
>
> That seems to be an argument for making no changes.
No, it's an argum
On 19/03/2008, Noah Slater <[EMAIL PROTECTED]> wrote:
> On Tue, Mar 18, 2008 at 07:54:20PM -0700, Kevin Turner wrote:
> > A request for an OpenID Identifier SHALL NOT issue a 303 response.
>
>
> This is even worse and also backwards incompatible. All the OpenIDs that
> currently use 303 redirects
On Tue, Mar 18, 2008 at 07:54:20PM -0700, Kevin Turner wrote:
> A request for an OpenID Identifier SHALL NOT issue a 303 response.
This is even worse and also backwards incompatible. All the OpenIDs that
currently use 303 redirects, including mine, will all break.
Given two backwards incompatible