OpenId & Yadis Question
Johnny Bufu
johnny at sxip.com
Mon Feb 26 03:06:50 UTC 2007
On 25-Feb-07, at 3:35 PM, David Fuelling wrote:
> 1.) User navigates to an RP, and enters a Claimed Identifier (e.g.,
> http://sappenin.gmail.com).
>
> 2.) A Yadis doc is returned as follows:
>
> <Service xmlns="xri://$xrd*($v*2.0)">
> <Type>http://specs.openid.net/auth/2.0/server</Type>
> <URI>https://sappenin.com/</URI> </Service>
> </Service>
>
> A.) Is this the proper way to do delegation? Above, gmail.com is
> delegating
> to sappenin.com.
No; in this way you just declare that the OpenID server for http://
sapenin.gmail.com is http://sapenin.com/. Also, if the RP uses this
service element, it will send an "identifier_select" OpenID auth
request.
> B.) If a client gets the Yadis doc above (after navigating to
> gmail.com),
> MUST they (or SHOULD they) navigate to sappenin.com and try to perform
> discovery again? If so, how many delegates are allowed? Not
> specified?
Only one level of delegation. Performing discovery on an URI in a
service element is not part of the yadis spec.
Johnny
More information about the specs
mailing list