Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

Hi Adam,

I'm collecting changes for the next rev of the draft, and found this  
dangling:

On 12/02/2009, at 7:31 AM, Adam Barth wrote:

> Here's what I recommend:
>
> 1) Change the scope of the host-meta to default to the origin of the
> URL from which it was retrieved (as computed by the algorithm in
> draft-abarth-origin).


A common use case (we think) will be to have <http://www.us.example.com/host-meta 
 > HTTP redirect to <http://www.hq.example.com/host-meta>, or some  
other URI that's not on the same origin (as you defined it).

I think that the disconnect here is that your use case for 'origin'  
and this one -- while similar in many ways -- differ in this one, for  
good reasons.

We still intend, BTW, to re-introduce the protocol used to the mix, to  
disambiguate that point. It's just the redirect handling that's  
different.

As such, I'm wondering whether or not it's useful to use the term  
'origin' in this draft -- potentially going as far as renaming it  
(again!) to /origin-meta, although Eran is a bit concerned about  
confusing early adopters (with good cause, I think).

What are your thoughts?

Cheers,


--
Mark Nottingham     http://www.mnot.net/

Received on Monday, 23 February 2009 02:14:43 UTC