Discussion: RP Yadis URL?

Chris Drake christopher at pobox.com
Sun Oct 15 17:30:58 UTC 2006


Hi Drummond,

Don't forget we'll need some way for an IdP to discover the return_to
URL from an RP in the IdP-initiated scenarios (I'd suggest a META or
LINK tag in the web page that the RP displays for accepting a login,
so an IdP (or browser plugin agent!) can "discover" this by parsing
the referrer page directly.  There's a lot of anti-phishing work
taking place right now: such a scheme would allow OpenID instant
access to these new standards too.)

Kind Regards,
Chris Drake


Monday, October 16, 2006, 2:59:12 AM, you wrote:

DR> +1. All of the "defined algorithms for obtaining the XRDS document" from
DR> either a URL or XRI will be going into Working Draft 11 of XRI Resolution
DR> 2.0 starting this week. So it seems all the OpenID Authentication 2.0 spec
DR> needs to specify is that they work against the return_to URL.

DR> =Drummond 

DR> -----Original Message-----
DR> From: specs-bounces at openid.net
DR> [mailto:specs-bounces at openid.net] On Behalf
DR> Of Johannes Ernst
DR> Sent: Sunday, October 15, 2006 12:00 AM
DR> To: specs at openid.net
DR> Subject: Re: Discussion: RP Yadis URL?

DR> Yes. Or any of the other defined algorithms for obtaining the XRDS
DR> file, given the return_to URL.

DR> On Oct 14, 2006, at 23:50, Dick Hardt wrote:

>> I assume you are referring to the return_to URL?
>>
>> Current libraries add all kinds of parameters to that URL, would  
>> you be suggesting that the IdP does a GET on the return_to URL with
>> content-type of XRDS?
>>
>> If so, then we should add that to the spec. I'd then like to get  
>> clear on what would need to be in the Yadis file for indicating the
>> login_url.
>>
>> -- Dick
>>
>> On 14-Oct-06, at 11:43 PM, Johannes Ernst wrote:
>>
>>> Given that the RP has at least one URL, we can perform regular  
>>> Yadis discovery on it. (Likely, all of the RP's URLs point to the
>>> same Yadis document.)
>>>
>>> I don't think an extension to the protocol is needed.
>>>
>>> On Oct 14, 2006, at 22:39, Dick Hardt wrote:
>>>
>>>> Currently there is no method for the IdP to learn anything about the
>>>> RP.  As a path for extensibility, would anyone have a problem with
>>>> having an optional parameter in the AuthN Request for the location of
>>>> the RP's Yadis document?
>>>>
>>>> -- Dick
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at openid.net
>>>> http://openid.net/mailman/listinfo/specs
>>>
>>> Johannes Ernst
>>> NetMesh Inc.
>>>
>>>  http://netmesh.info/jernst

DR> Johannes Ernst
DR> NetMesh Inc.
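
The discovery step discussed in this thread, as an added example that is not part of the original messages or of any OpenID library: given the response to a GET on the return_to URL, find the RP's XRDS document using the Yadis mechanisms (XRDS content type, X-XRDS-Location header, or a META http-equiv element in the page head). The function names, the `rp.example` URLs and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
XRDS_TYPE = "application/xrds+xml"
XRDS_HEADER = "x-xrds-location"
# Constructed sample: an RP login page served at the return_to URL.
SAMPLE_BODY = ('<html><head><meta http-equiv="X-XRDS-Location" '
               'content="https://rp.example/xrds"></head><body></body></html>')

class _MetaFinder(HTMLParser):
    """Finds <meta http-equiv="X-XRDS-Location"> inside <head> only."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.location = None
    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta" and self.in_head and self.location is None:
            a = {k.lower(): (v or "") for k, v in attrs}
            if a.get("http-equiv", "").lower() == XRDS_HEADER:
                self.location = a.get("content", "").strip()
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def _checked(url):
    """Accept only absolute http(s) URLs, since the IdP will fetch this value."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("rejected XRDS location: %r" % url)
    return url

def locate_xrds(return_to, headers, body):
    """Return ('document', return_to), ('redirect', xrds_url), or None."""
    h = {k.lower(): v for k, v in headers.items()}
    # Case 1: the response body itself is the XRDS document.
    if h.get("content-type", "").split(";")[0].strip().lower() == XRDS_TYPE:
        return ("document", return_to)
    # Case 2: an HTTP header points at the XRDS document.
    if XRDS_HEADER in h:
        return ("redirect", _checked(h[XRDS_HEADER].strip()))
    # Case 3: a META element in the HTML head points at it.
    finder = _MetaFinder()
    finder.feed(body)
    if finder.location:
        return ("redirect", _checked(finder.location))
    return None
```

The location an RP page advertises is untrusted input to the IdP, which is why the sketch rejects non-http(s) schemes before anything is fetched; a deployment would also restrict which network destinations the fetch may reach.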

