- From: Dan Brickley <danbri@danbri.org>
- Date: Wed, 01 Jul 2009 18:06:52 +0200
- To: "Williams, Stuart (HP Labs, Bristol)" <skw@hp.com>
- CC: "www-tag@w3.org WG" <www-tag@w3.org>
On 1/7/09 12:02, Williams, Stuart (HP Labs, Bristol) wrote: > Hi Dan, > > Had a little play with wget, firefox and tcpmon. Interestingly, http://danbri.org doesn't seem to make it to the request line - all external appearance are that the request is for http://danbri.org/ . Kind of make http://danbri.org web inaccessible. Thanks for investigating, and to John for digging out the spec citation, http://tools.ietf.org/html/rfc2616#page-18 I don't see anything in RFC2616 that stops me from claiming the URI to directly denote me, the person. Common sense makes me wary; it might quite reasonably be taken to denote a Web site in it's entirety. But that interpretation isn't widely established either in Web standards. Let's leave the OpenID aspect aside for now, for clarity. Except: One thing I learned recently when the danbri.org site was hacked, was that it is a really horrible experience. In future I want my openid to be kept WELL AWAY from my blog, my PHP scripts, and other possible entry points for vandals, spammers, identity thieves etc. Because danbri.org was compromised (for a while), my OpenID delegation could have been mis-used, etc etc. My lesson here is that I want to use a new and separate sub-domain for OpenID purposes, FOAF files etc. And my main website can be a more chaotic, risky, lower security affair. So I expect to start using something like http://id.danbri.org/ as an OpenID. Or perhaps even http://id.danbri.org/ Can anyone find good reason (from deployment pragmatics, or specs) why I can't write me-the-person: http://id.danbri.org my homepage, delegating openid page, etc. ... http://id.danbri.org/ This would be really nice, since at the moment SemWeb people are running around using either very different URIs for themselves and their homepages, or putting #me into them. With the above model, they could essentially put *almost* the same URL on their sig files, biz cards etc., and let the browser correct the difference transparently. No browser knows to add or remove "#me" yet, by contrast. > Note wget and firefox both appear to make request for http://danbri.org/ - which is what gets rewritten into the browser address bar - no redirections, no content-location... all before fact of making the request. So they're different URIs, and the shorter one does NOT return a 200. It can't be de-referenced directly, only adapted by universally known rules into a different URI. The adaptation step is under-documented, and doesn't make explicit whether the "before" and "after" forms denote different things. Is that a fair reading? > So a bit like using #'d URI, the URI that makes it to the request line is different from the one used in the reference. Yup. But it would make for a much more consistent story with other "social Web" folk who like URIs for people too... Domain name registrars might be happy also. cheers, Dan > -- > > GET http://danbri.org/ HTTP/1.1 > Host: danbri.org > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729) > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-gb,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Proxy-Connection: keep-alive > > HTTP/1.1 200 OK > Date: Wed, 01 Jul 2009 09:45:32 GMT > Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch > Last-Modified: Sat, 09 May 2009 15:01:37 GMT > ETag: "9b4b6-412-4697c05936f66" > Accept-Ranges: bytes > Vary: Accept-Encoding > Content-Type: text/html > Content-length: 1042 > Proxy-Connection: Keep-Alive > Connection: Keep-Alive > Age: 349 > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"> > <html xmlns="http://www.w3.org/1999/xhtml" > xmlns:foaf="http://xmlns.com/foaf/0.1/"> > <head> > <title>Dan Brickley</title> > <link rel="meta" type="application/rdf+xml" title="FOAF" href="http://danbri.org/foaf.rdf" /> > > <link rel="openid2.provider" href="http://danbri.org/words/openid/server" /> > <link rel="openid2.local_id" href="http://danbri.org/words/author/danbri/" /> > <link rel="openid.server" href="http://danbri.org/words/openid/server" /> > <link rel="openid.delegate" href="http://danbri.org/words/author/danbri/" /> > > </head> > <body> > <h1>danbri.org</h1> > <p>This is the new minimalist danbri.org.</p> > <p>Nearby:<a href="words/">Dan's blog</a></p> > </body> > </html> > <!--<link rel="openid2.local_id" href="https://me.yahoo.com/danbri3" /> > <link rel="openid2.provider" href="https://open.login.yahooapis.com/openid/op/auth" /> > <meta http-equiv="X-XRDS-Location" content="https://me.yahoo.com/danbri3" /> > --> > >> -----Original Message----- >> From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] >> On Behalf Of Dan Brickley >> Sent: 01 July 2009 01:54 >> To: www-tag@w3.org WG >> Subject: Can "http://danbri.org" and "http://danbri.org/" >> URIs represent different things? >> >> Hello TAG, >> >> Talking with some SW folk about OpenID, and whether my >> "me-the-person" >> URI could be practically usable as my OpenID, I came up with this >> corner-case: >> >> Could http://danbri.org be a URI for "me the person", and >> http://danbri.org/ be a document about me (and also serve as >> my OpenID)? >> >> As I understand HTTP, any client must request something, so >> the former >> isn't directly de-referencable. The client has to decide to ask for / >> from danbri.org instead. But they're still different URIs, >> aren't they? >> >> Is... >> >> <Person xmlns:foaf="http://xmlns.com/foaf/0.1"/ >> rdf:about="http://danbri.org"> >> <openid> >> <Document rdf:about="http://danbri.org/"/> >> </openid> >> </Person> >> >> ...at all feasible? I guess it depends on how exactly we >> think about the >> "add a / to the end" step... >> >> cheers, >> >> Dan >> >>
Received on Wednesday, 1 July 2009 16:07:36 UTC