RE: [foaf-protocols] non issue comments on webid IX draft

Of course I’m 12 months too early. This is why it was not posted to the
webid list of a standards group. I'll leave it to folks to decide how to
describe the “implementation issues” from Stephane, below.

From the thread, there do seem to be some current mainline spec issues to
resolve on redirects, and simple use of HTTP responses:

Does the verifying agent *normally* follow redirects?

If the redirect is from http to https, or vice versa, is there a
significance?

If the response is a multi-part mime delivered over http (not https), does
the chunking matter?

If the response has no explicit length but has headers saying… poll for
more, how does the verification agent know to stop polling (for the
anchor/#tag yet to be delivered)? Implementation matter?

Remember, we are pulling RDF streams – that can be huge. One might be
pulling a foaf card pointing back at the cards/keys of 10,000 followers
(not uncommon in the Facebook/Twitter world). Do we need engineering
guidance on HTTP usage, specific to the nature of the expected and normal
use?

From: Stéphane Corlosquet [mailto:scorlosquet@gmail.com]
Sent: Tuesday, February 22, 2011 9:01 AM

I don't think the spec should specify a max. limit here, though I agree
implementations should have measures in place to avoid any kind of DoS here.
Maybe this could go into a non-normative section of the spec?

If it [foaf card] is displayed as part of the web app, you should of course
escape any non-trusted content etc.

Received on Tuesday, 22 February 2011 19:18:12 UTC
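
An added example, not part of the original messages or of the WebID draft: one way a verifying agent could bound a profile fetch against the redirect and unbounded-stream cases raised in the thread. The `transport` callable, the `*.example` hosts, the limits and the rule refusing https-to-http redirects are all assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

class FetchRefused(Exception):
    """Raised when the verifier's local policy stops a profile fetch."""

def fetch_profile(url, transport, max_redirects=3, max_bytes=1_000_000):
    """Dereference a profile under bounded-resource policy.
    transport(url) -> (status, headers, iterable of body chunks) is a
    hypothetical stand-in for an HTTP client so the example runs offline."""
    for _ in range(max_redirects + 1):
        status, headers, chunks = transport(url)
        if status in (301, 302, 303, 307, 308):
            target = urljoin(url, headers.get("Location", ""))
            # Assumed policy: a fetch that started on https must not be
            # redirected to plain http, where the key could be altered.
            if urlsplit(url).scheme == "https" and urlsplit(target).scheme != "https":
                raise FetchRefused(f"https to http downgrade: {target}")
            url = target
            continue
        if status != 200:
            raise FetchRefused(f"unexpected status {status}")
        body = bytearray()
        for chunk in chunks:  # streamed; no declared length is trusted
            body += chunk
            if len(body) > max_bytes:
                raise FetchRefused(f"body exceeds {max_bytes} bytes")
        return url, bytes(body)
    raise FetchRefused(f"more than {max_redirects} redirects")

def endless():
    """Constructed body that never ends (the 'poll for more' case)."""
    while True:
        yield b"<foaf:knows/>" * 100

# Constructed sample responses; none of these hosts are real.
SAMPLE = {
    "http://a.example/card": (302, {"Location": "https://a.example/card"}, []),
    "https://a.example/card": (200, {}, [b"<rdf:RDF>", b"</rdf:RDF>"]),
    "https://b.example/card": (301, {"Location": "http://b.example/card"}, []),
    "https://c.example/card": (200, {}, endless()),
    "https://d.example/loop": (302, {"Location": "/loop"}, []),
}

def sample_transport(url):
    return SAMPLE[url]

def verdict(url, **limits):
    """Return 'ok' or the refusal reason for one constructed URL."""
    try:
        fetch_profile(url, sample_transport, **limits)
        return "ok"
    except FetchRefused as exc:
        return str(exc)
```

A real agent would add a wall-clock deadline alongside the byte cap, since a slow stream can stay under the size limit indefinitely.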