[OpenID] URL normalization issues

Martin Atkins mart at degeneration.co.uk
Sat Mar 24 10:30:16 UTC 2007


Steve Bjorg wrote:
> Hi,
> 
> I'm new to the list, but have been reading it for a while.  I say  
> that, because I don't agree with statement below.  Maybe that's due  
> to my misunderstanding, but it seems that Yadis has a greater purpose  
> than to just serve OpenID.  I was actually thinking of leveraging it  
> to create additional associations with different non-identification  
> based services.  Being able to find everything in one place  
> (identity, preferences, etc) is very appealing.  So,  coupling XRDS  
> to OpenID would diminish it potential in my opinion.
> 
> Does anybody else use XRDS for more than just identification?
> 

I did not mean to imply that Yadis would be only for discovery of an 
OpenID service endpoint, I was simply talking about the OpenID 
*Brand*... that is, XRDS-based service discovery (which can still be 
used for discovering anything you like!) would be called an OpenID 
specification rather than being off in the separate world of Yadis.

Really the idea was just to bring everything together into one place, 
since it's clear that the disjoint relationship between OpenID and Yadis 
causes confusion and makes the OpenID Authentication spec seem more 
complicated simply because it references "someone else's" spec despite 
the fact that it's not really someone else's spec at all.

So just to make it clear, in my proposed world, there would be three specs:

OpenID Authentication 2.0 - This is the spec that's already drafted, but 
with the Yadis references turned into references to the below new specs.

Service Discovery using XRDS - Describes the subset of the XRDS format 
used for service discovery, so that developers using it only for service 
discovery don't have to learn all of the XRI resolution-related bits and 
pieces.

Discovery for HTTP and HTTPS URLs - Describes how to take an HTTP URL 
and find its XRDS document. This is simply the first chunk of Yadis 
where it asks you to look for X-XRDS-Location, etc.

OpenID Authentication 2.0 would then be written as an application of 
XRDS-based service discovery. Nothing would really change technically... 
it's just a branding/perception issue.





More information about the general mailing list