[OpenID] Dumb Question: Why isn't http://xri.net/=bobwyman an OpenID?

Drummond Reed drummond.reed at cordance.net
Fri Jan 5 05:34:11 UTC 2007


Dag,

The Yadis 1.0 spec (http://yadis.org/papers/yadis-v1.0.pdf) section 6.2.5
says that one of the four valid responses to a Yadis request is an XRDS
document. That's what xri.net, the XDI.org HXRI proxy resolver, returns. It
does not return the other three options because XRI resolution is its
primary job.

Also, the latest draft of the OpenID OpenID Authentication 2.0 spec I've
seen says that the RP should first do a GET for an XRDS file, and if that
fails, then do a GET for an HTML page link or header.

So the problem is not with xri.net if the request asks for a content type of
application/xrds+xml. Note that with any HXRI proxy resolver, you don't even
have to explicitly set the requested content type in the GET request; you
can also pass it it directly in the URL by adding a query parameter as
follows (to use the =bobwyman example):

	http://xri.net/=bobwyman?_xrd_r=application/xrds%2bxml

(Note that the query parameter name is "_xri_r" and %2b is an escaped +
sign.)

However even once the openidenabled.com code requests/receives the XRDS
file, there is still one other thing that needs fixing. XDI.org-accredited
i-brokers that provide OpenID authentication need to expect an HXRI as well
as a plain XRI in the OpenID authentication request (currently most of them
just expect an XRI).

Once those two things are fixed, using a full HXRI as an OpenID URL should
work fine, however as discussed before, it ends out treating an HXRI as a
URL and is not nearly as good as an RP supporting 2.0 and getting the full
benefits of XRI synonym management.

=Drummond 

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Dag Arneson
Sent: Thursday, January 04, 2007 2:00 PM
To: openid-general
Subject: Re: [OpenID] Dumb Question: Why isn't http://xri.net/=bobwyman an
OpenID?

As I mentioned before, xri.net is not spec compliant with OpenID since 
it does not use the header or the meta tag to indicate the location of 
the xrds.  I was curious, so I poked around a little more.

If I try to log in to my blog (which uses the Ruby OpenID lib) with 
http://xri.net/=rorek as my OpenID, I get to 2idi (=rorek's i-broker) 
with the error:  I-Name not found: =http://xri.net/=rorek

It appears that xri.net does support the Accept:application/xrds+xml 
header method of obtaining the xrds, but without the openid:delegate the 
2idi openid server gets confused:

$ curl -v -H Accept:application/xrds+xml http://xri.net/=rorek
* About to connect() to xri.net port 80
*   Trying 209.173.57.174... connected
* Connected to xri.net (209.173.57.174) port 80
 > GET /=rorek HTTP/1.1
 > User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 
OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
 > Host: xri.net
 > Accept:application/xrds+xml
 >
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: application/xrds+xml;trust=none
< Content-Length: 912
< Date: Thu, 04 Jan 2007 21:22:16 GMT
<?xml version="1.0" encoding="UTF-8"?>
<XRDS ref="xri://=rorek" xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)">
   <Query>*rorek</Query>
   <Status code="100"/>
   <Expires>2007-01-04T22:22:16.000Z</Expires>
   <ProviderID>xri://=</ProviderID>
   <LocalID priority="10">!7A49.7EDD.2592.F77B</LocalID>
   <CanonicalID priority="10">=!7A49.7EDD.2592.F77B</CanonicalID>
   <Service priority="10">
    <Type select="true">http://openid.net/signon/1.0</Type>
    <ProviderID/>
    <URI append="qxri" priority="2">http://2idi.com/openid/</URI>
    <URI append="qxri" priority="1">https://2idi.com/openid/</URI>
   </Service>
   <Service priority="10">
    <Type select="true">xri://+i-service*(+contact)*($v*1.0)</Type>
    <Type match="default"/>
    <ProviderID/>
    <Path select="true">(+contact)</Path>
    <Path match="null"/>
    <URI append="qxri" priority="1">http://2idi.com/contact/</URI>
   </Service>
  </XRD>
</XRDS>
* Connection #0 to host xri.net left intact
* Closing connection #0

So there are 2 problems here: xri.net has partially broken discovery, 
and 2idi.com's openid server doesn't support the xri.net urls.

To diagnose the 2idi problem I fired up the LiveHTTPHeaders firefox 
extension (highly recommended for diagnosing openid problems).

Here's the url I'm redirected to on 2idi, slightly reformatted:
  http://2idi.com/openid/?openid.mode=checkid_setup&
openid.return_to=http%3A%2F%2Frorek.org%2Fblog%2Fopenid%2Fcomplete%3Fnonce%3
DXG7PHaJu&
openid.trust_root=http%3A%2F%2Frorek.org%2Fblog%2F&
openid.identity=http%3A%2F%2Fxri.net%2F%3Drorek&
openid.assoc_handle=%7BHMAC-SHA1%7D%7B459d757d%7D%7BO02jbg%3D%3D%7D

Which looks fine.  After that the stuff is thrown in the session 
apparently and what happens after that to change http://xri.net/=rorek 
into =http://xri.net/=rorek is not clear.

Dag Arneson

a.k.a.
rorek.org
=rorek
dag.myopenid.com
sanedragon
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general




More information about the general mailing list