Re: making the webcredits.org spec more strict about 'source' and 'destination' fields.

On Tue, Apr 24, 2012 at 11:14 AM, Melvin Carvalho
<melvincarvalho@gmail.com>wrote:

>
> I think the subtle point here that most dont get, is that http urls are
> documents as defined by the protocol.  And anything inside the documents as
> denoted with a # are data points.  The hard thing in this is web developers
> having to UNLEARN their previous assumptions.  This single point causes no
> end of chaos!  The other problem is that the web, like html, is fault
> tolernt, so that if you get it wrong your system will probably still work!
> :)
>
> The challenge is to getting the language right so that it's easily
> understood in the short spec doc., in particular so that people can get up
> and running in under a day.  I'm going to put out a draft in the next few
> days that is hopefully more understandable.
>

Section 11.5.1 of Draft 12 of the OpenID 2.0 spec recommends that OPs
assign a unique url fragment to an OpenID url that changes when the OpenID
changes ownership.

an appended generation identifier is very different from having the URL
refer to a big document (say, a roster) and the fragment point to a part of
it (page and line of someone's listing in the roster.)

The specification for fragments,
http://tools.ietf.org/html/rfc3986#section-3.5 , pretty much says "anything
goes" and delegates all fragment interpretation to specific schemes, so an
identity scheme (even an OpenID 2.0 provider that uses fragments for more
than generation differentiation) seems conformant.

I suggest that example identity strings in the short spec doc don't have
fragments in them, also that the sentence where you state that any URL will
do could affirm that when fragments are provided, the fragment is important
and MUST NOT get stripped.

How about http://tools.ietf.org/html/rfc3966#section-5.1.4 globally unique
telephone numbers of well-known services for the examples? Is that too cute?