ACTION-369: webarch implications of 7.2

Section 7.2 [1] was the object of recent discussions around
ISSUE-123, noticing that the technique described in this section is
not guaranteed to work.

I propose to add the following note to an eventual rewrite of the
section (which Tyler owes as ACTION-368):

	The technique outlined in this section is a best effort to
	steer the user toward a safer interaction.  There is no
	guarantee that replacing the scheme in an "http" URI by
	"https" leads to a URI that references a resource in any way
	related to the original one.  Also, when the current page
	was obtained through an unsafe HTTP interaction (such as
	POST), performing a GET request on a URI that was produced
	in this way might negatively affect session-based web

Tyler, can you just copy and paste this in (and possibly smoothen
the language a bit) when you do ACTION-368?

As a side remark, I wonder if there is an authoring best practice in
here (for section 9) that suggests keeping http and https URI spaces
consistent.  Thoughts?


Thomas Roessler, W3C  <>

Received on Thursday, 17 January 2008 18:03:29 UTC