W3C home > Mailing lists > Public > xml-dist-app@w3.org > December 2005

Re: Concern about status code 303 and resolution to Rec33

From: Mark Baker <distobj@acm.org>
Date: Wed, 7 Dec 2005 12:01:20 -0500
Message-ID: <c70bc85d0512070901x36e1589cq37522130a1ef14c4@mail.gmail.com>
To: "noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>
Cc: xml-dist-app@w3.org

Noah,

On 12/7/05, noah_mendelsohn@us.ibm.com <noah_mendelsohn@us.ibm.com> wrote:
> Mark Baker writes:
>
> > Unfortunately it's not the role of the service to declare that
> > it can be trusted 8-); that's something only the human
> > operating the client can decide, because they - not the service
> > doing the redirection - have to take responsibility for the
> > implications of the unsafe message....  hence the need to
> > verify with them.
>
> I dont' think it's directly the service that says "trust my redirections",

Right, but that's what I interpreted Yves to be saying when he wrote;

] However, if you have a description of a service that explicitely says
] "you might get redirected to this set of URIs, and **it is OK**"
(emphasis mine)

> it's the human who chooses to install "client" software that's configured
> to say "if you get a redirect that matches [your favorite predicate
> involving ports, endpointrefs, QNames, whatever], then assume that
> redirections are to be trusted. If the human chooses to base that
> predicate on a reading of the "instruction book" for some particular
> service, so be it.  That's his or her choice.  I think the intent of the
> proposed spec text is fine as it stands.

Agreed.

Mark
--
Mark Baker.  Ottawa, Ontario, CANADA.       http://www.markbaker.ca
Coactus; Web-inspired integration strategies  http://www.coactus.com
Received on Wednesday, 7 December 2005 17:01:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:20 GMT