- From: Peter Williams <home_pw@msn.com>
- Date: Fri, 25 Nov 2011 06:12:04 -0800
- To: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-W260DACA7C580D4A2C04F2F92CF0@phx.gbl>
Someone posting from a BBC account noted that it was absolutely critical that there should be redirects - as a simple matter of link management. First, BEFORE ANYONE ACCEPTS THIS ISSUE, SOMEONE NEEDS TO ASSERT THAT THERE REALLY IS A PROBLEM with redirects. If so, characterize it. My gut tells me that there are (reasoning as did the openid folks, faced with the very same issues). Dont accept *my* word for it. Im reasoning purely by analogy. I just watched in a spying proxy the blogspot openid validation agents (known as consumer) pull the wordpress XRD metadata file for my blog site (where that XRD document pull is a analogous to pulling the webid profile document). In openid spec, there are specific conformance rules concerning how to handle redirects, and http/https issues. Perhaps distinguish between two classes of analysis: 1) that which openid faces, similarly2) any due to the nature of the semantic web querying model, specifically. Is the problem any more or less pertiennt since the cert:identity component was deprecated, changing the very nature of the query listed in the spec? The change of query in last week's spec design has put me out considerably, since I don't understand it yet - in the security sense. The change upset what I thought I understood for 2+ years...about the nature of this protocol, based on the previous query design. I had been basing assurance on properties you advocated as critical to the security logic, previously: inverse functional relations - that are now no longer present or dominate the security enforcement logic. It will take some time to settle down, as I understand the change. > To: public-xg-webid@w3.org > From: sysbot+tracker@w3.org > Date: Fri, 25 Nov 2011 13:06:02 +0000 > Subject: WebID-ISSUE-64 (redirects): Redirects [WebID Spec] > > > WebID-ISSUE-64 (redirects): Redirects [WebID Spec] > > http://www.w3.org/2005/Incubator/webid/track/issues/64 > > Raised by: Henry Story > On product: WebID Spec > > Peter Williams correctly points out that the spec should have some text and some thought go into what happens or should happen with HTTP redirects, when fetching a profile. Even if it is just to say that one should not follow those. > > >
Received on Friday, 25 November 2011 14:12:44 UTC