Discussion: RP Yadis URL?

Martin Atkins mart at degeneration.co.uk
Mon Oct 16 07:36:39 UTC 2006


Recordon, David wrote:
> 
> I'm torn if this parameter should be added to the spec at this time or
> not.  Adding the parameter is conceptually simple, though I don't think
> there is agreement on what the RP should be publishing in their Yadis
> file.  There is the section
> http://openid.net/specs/openid-authentication-2_0-10.html#anchor42 which
> has the RP publish a return_to URL, though the section was meant to be
> removed as that URL may not be the right entry point to start a
> transaction.
> 

I would say that what's inside the Yadis document is outside the scope 
of OpenID Auth. It's simply a hook to enable extensions that must be 
instrumented at the RP side.

In other words, OpenID auth just needs to specify how to find an RP's 
Yadis document. The rest is for other people to figure out. That is the 
point of Yadis, after all.

(and then this IdP-initiated login thing could be an extension built 
upon this ability, and thus not hold up Auth 2.0.)




More information about the specs mailing list