Of course I’m 12 months too early. This is why it was not posted to the webid list of a standards group. Ill leave it to folks to decide how to describe the “implementation issues” from Stephane, below. >From the thread, there do seem some current mainline spec issues to resolve on redirects, and simple use of HTTP responses: Does the verifying agent *normally* follow redirects? If the redirect is from http to https, or vice versa, is there a significance? If the response is a multi-part mime delivered over http (not https), does the chunking matter? If the response has no explicit length but has headers saying… poll for more, how does verification agent known to stop polling (for the anchor/#tag yet to be delivered)? Implementation matter? Remember, we are pulling RDF streams – that can be huge. One might be pulling a foaf card pointing back at the cards/keys of a 10,000 followers (not uncommon in the facebook/twitter world). Do we need engineering guidance on HTTP usage, specific to the nature of the expected and normal use? From: Stéphane Corlosquet [mailto:scorlosquet@gmail.com] Sent: Tuesday, February 22, 2011 9:01 AM I don't think the spec should specify a max. limit here, though I agree implementations should have measures in place to avoid any kind of DoS here. Maybe this could go into a non-norminative section of the spec? If it [foaf card] is displayed as part of the web app, you should of course escape any non-trusted content etc..
Received on Tuesday, 22 February 2011 19:18:12 UTC