[OpenID] OpenID Exchange

Martin Atkins mart at degeneration.co.uk
Mon Jan 15 08:47:40 UTC 2007


Dick Hardt wrote:
> 
> Perhaps another name will come to mind once I fully grock what you  
> are trying to do!
> 
> Per your example, there is the blogsite and the lamequiz. (btw: the  
> quiz properly assessed I liked Perl :-)
> 
> Some questions to help me grock:
> 
> Would it be fair to say that lamequiz is making an API call to  
> blogsite on behalf of the user?

Yes, that's right.

The previous iteration of this[1] used "RPC" as its model, but this time 
around I simplified it to using HTTP requests as the model in order that 
it can reuse parts of existing HTTP-based protocols.

So what's going on in my demo is that, conceptually, blogsite is making 
the following HTTP request:

POST /blogsite/oidex-server.php?blogid=4 HTTP/1.1
Host: oidexdemo.m.wox.org
Content-type: application/x-www-form-urlencoded

subject=I+am+Perl&body=Yada+yada+yada

and getting back:

HTTP/1.1 201 Created
Location: ....

but this has a user-approval step shoved in the middle of it.

(This initial demo uses a simple urlencoding, but my later draft spec on 
the wiki[2] uses Atom. The principle is the same.)

> Would some other policy such as being able to make more then one call  
> be useful, or be able to make the call later when the user is not  
> around?
> 

I expect that this would be dealt with by dependent services where it is 
useful by having an "API request" as above in which the caller requests 
permission to do an action later, possibly many times. The basic 
primitive of this protocol is user-accompanied requests, but you can 
have a user-accompanied request to set up permission to make a 
non-accompanied request if you like. That may be a useful extension to 
OpenID Exchange, but I think it's a good idea to spec out this simple 
case first and add on a "Delayed/Repeated Request" extension later 
when/if it proves useful.


Got to head to work now, so I'll catch up with this later. :)

------------------------------------------

[1] http://lists.danga.com/pipermail/yadis/2005-July/001251.html
     Had an even worse name to start with!

[2] http://openid.net/wiki/index.php/Post_In_My_Weblog



More information about the general mailing list