[OpenID] XDI cross-references

Peter Williams pwilliams at rapattoni.com
Mon Dec 29 17:31:48 UTC 2008


Concerning line ~219 http://iss.xdi.org/moin.cgi/ForwardingService?action=AttachFile&do=get&target=iss-forwarding-v1.0-wd-03.pdf


Is there anywhere I can use an XDI-like service...to try out its integration with actual openid discovery clients (pbwiki, plaxo, blogspot, etc)?


Am I right to think that the scheme is saying that if I type in an HXRI invoking the forwarding service, a 3xx https response may come back - whose URL form _can_ be another HXRI ...calling upon another XDI-like forwarding network? That pattern of double discovery may be viable for realty: use an i-broker governed forwarding service to locate a private forwarding service that is not governed by i-broker vendor associations. Some Realty MLSs would run their own XRI forwarding service, and others would want to use the private-label services of Neustar, etc.

Ok less theory, more practice! We have a need to let query-based openid discovery agents use their rule-rewriting expressions to produce a websso-switch invocation URL of the form:


http://swmrsso.rapmlsstg.com/sp/startSSO.ping?PartnerIdpId=rapattoni:mlsstgswmichigan:entityId



If I was to use i-names as the entity name for the openid entity in PartnerIdpId (=example/seattle/sightseeing), I can see the forwarding service producing for me, given the input https://xri.net/=example.personal.nickname/(+forwarding)



http://swmrsso.rapmlsstg.com/sp/startSSO.ping?PartnerIdpId=%3dexample%2fseattle%2fsightseeing



Is there an example forwarding service that is really capable of this (including the URL encoding)?

(No...I cannot change the required form of the target URL, it's set by the websso-switch vendor).




From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Peter Williams
Sent: Sunday, December 28, 2008 8:18 PM
To: general at openid.net
Subject: [OpenID] XDI cross-references

Concerning http://iss.xdi.org/moin.cgi/ForwardingService?action=AttachFile&do=get&target=iss-forwarding-v1.0-wd-03.pdf


1. Do any of the XRI client libraries process service elements with the forwarding metadata?



2. Anyone ever considered letting the forwarding set be the set of authorized redirects/forwardings, that may be used in openid discovery?



In a simple XRDS file implementation environment, one can imagine the openid discovery client following the n openid URL 302 redirects, but only rely on the XRDS at the final URL if the chain of redirects that it has just gone through is supported by the relevant XRD. (Assume that the XRDS is served over https, that the webserver is also an OCSP responder, that the signed OCSP response bears proxies the CA's status statement about the https cert of the endpoint, and has an extension bearing a mac of the XRDS.)



3. Can anyone imagine letting openid discovery follow a chain of XRD-indicated forwardings (much like it follows chains of https 302 redirects?)

I have to assume the forwarding element is already used in voip-applications of XRD (generated by real QXRI resolvers, obviously) for secure/authorized call-forwarding etc.

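The check proposed in item 2 of the quoted message (rely on the final XRDS only if every 302 hop taken is covered by the forwarding set), sketched as an added example that is not part of the original post or of any XRI/XDI library. The (source, target) pair representation of the forwarding metadata, `MAX_HOPS`, and all URLs are assumptions; the XRDS itself is assumed to have been integrity-checked already.

```python
from urllib.parse import urlsplit

MAX_HOPS = 5  # assumed cap on redirects; not a value from the post

# Constructed sample data (hypothetical hosts).
CHAIN = ["https://id.example.org/alice",
         "https://fwd.example.net/alice",
         "https://xrds.example.com/alice.xrds"]
FORWARDING = {(CHAIN[0], CHAIN[1]), (CHAIN[1], CHAIN[2])}

def _norm(url):
    """Reduce a URL to a comparable tuple (case-folded host, explicit port)."""
    p = urlsplit(url)
    port = p.port or {"https": 443, "http": 80}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), port, p.path or "/", p.query)

def chain_is_authorized(chain, forwarding_set):
    """chain: URLs visited in order, claimed identifier first, XRDS URL last.
    forwarding_set: (source, target) URL pairs taken from the final XRD
    (hypothetical representation of its forwarding metadata).
    Returns (ok, reason)."""
    if not chain:
        return False, "empty chain"
    if len(chain) - 1 > MAX_HOPS:
        return False, "too many redirects"
    hops = [_norm(u) for u in chain]
    seen = set()
    for i, hop in enumerate(hops):
        if hop[0] != "https":          # no downgrade anywhere in the chain
            return False, f"hop {i} is not https"
        if hop in seen:                # a repeated URL means a loop
            return False, f"redirect loop at hop {i}"
        seen.add(hop)
    allowed = {(_norm(s), _norm(t)) for s, t in forwarding_set}
    for i, pair in enumerate(zip(hops, hops[1:])):
        if pair not in allowed:        # redirect not vouched for by the XRD
            return False, f"hop {i} -> {i + 1} not in forwarding set"
    return True, "ok"

if __name__ == "__main__":
    print(chain_is_authorized(CHAIN, FORWARDING))
```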


