On Wed, Mar 19, 2008 at 08:59:24PM -0700, Johnny Bufu wrote: > Yes, it is. [snip] > The new claimed_id URL is the address of the discovered information > (which is of interest to the RPs in this case).
No, it really isn't. Your argument, as far as I understand it, is that HTTP redirects imply the original URI has an identity relationship final URI. You are using the example of the address bar in a browser to illustrate this, i.e. "I type in X and eventually it changes to Y, so X must equal Y." This is of course false, as explicitly stated in the HTTP specification: RFC 2616 § 10.3.3 302 Found The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. RFC 2616 § 10.3.4 303 See Other The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. RFC 2616 § 10.3.8 307 Temporary Redirect The requested resource resides temporarily under a different URI. Since the redirection MAY be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. In each case it is explicit that the new URI is not a replacement for the original URI (303 See Other) or is only a temporary replacement for the original URI (302 Found, 307 Temporary Redirect). To argue that because a web browser follows redirects these semantics must not be true is a gross over-simplification of the facts. Thanks, -- Noah Slater <http://bytesexual.org/> _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs