Differentiating between User Identifier and OP Identifier

Eran Hammer-Lahav eran at hammer-lahav.net
Sat Jul 28 17:00:03 UTC 2007


Thanks Johnny!

It makes more sense now. Here are some further comments:

I started to rewrite section 7 to make it easier to read but as I was going
through it again and again, it became clearer. I think while all the terms
are properly explained elsewhere, it might help to repeat some of them (like
the two kinds of identifiers the user can provide) within the text. Here are
some more specific comments and questions (I am not sure what's the process
of suggesting changes to the draft). Obviously this is all meant as a
suggestion so I will refrain from prefixing each comment with "I would like
to suggest" (this might sound like a silly thing to say, but I really
respect the work done by this group and would not want to offend anyone
coming off too aggressive with "instructions").

Section 7.3.1:

"If more than one set of the following information has been discovered, the
precedence rules defined in [XRI_Resolution_2.0] are to be applied."

This is somewhat confusing when combined with section 7.3.2.2:

"Once the Relying Party has obtained an XRDS document, it MUST first search
the document (following the rules described in [XRI_Resolution_2.0]) for an
OP Identifier Element."

My confusion comes from the fact the spec is not clear about what makes a
valid XRDS document used for OpenID discovery. In this case, it sounds like
an XRDS document MUST not include both an OP Endpoint element and a Claimed
Identifier element. If it has both, and the Claimed Identifier Service
Element has a higher priority, what does that mean?

Remove section 7.3.2.2 and move its content to the end of 7.3.2. It makes a
better introduction to the two possible elements and their relationship.

Section 7.3.2.3 is confusing:
1. Does it only apply to XRI identifiers, not to XRDS documents found during
Yadis discovery?
2. It seems to only apply to Claimed Identifier Element - maybe it should
merge into section 7.3.2.1.2?
3. It would be helpful to explain or reference how the RP can confirm the
authorities listed in the 2nd paragraph. I read a couple of long threads on
this list regarding this, but did not see a resolution.
4. The first line of the third paragraph is not needed.
5. The section briefly explains the <CanonicalID> tag, but not the
<ProviderID> tag. A one line context of the <ProviderID> tag would help.
6. Last line is confusing. Where would a <CanonicalID> come from if using a
URL identifier? This entire section is under XRDS discovery. Does it refer
to the URL used in a Yadis discovery (I assume not)?

Section 7.3.2.4 says "...no longer used..." but it is not clear where it was
used before. The only spec I read prior to this one was the OpenID 1.1
which does not make use of XRDS documents.

Move the first paragraph of section 7.3.3 to the end of section 7.3.1. It
will explain which discovery process is used for each of the possible
identity types. Also, from "HTML-Based discovery MUST be supported by
Relying Parties" it sounds like XRDS discovery is not required. If this is
true, it should be made much clearer and provide guidelines of the proper
reply to the user when the RP only supports HTML discovery.

Thanks,

=eran
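
The question raised above about sections 7.3.1 and 7.3.2.2 (an XRDS document holding both elements, with the Claimed Identifier Element at higher priority), as an added example that is not part of the original message or of the draft. The Type URIs are assumed from the published OpenID Authentication 2.0 specification; the sample document, the op.example URLs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"
# Assumption: Type URIs as in the published OpenID Authentication 2.0 spec.
OP_IDENTIFIER = "http://specs.openid.net/auth/2.0/server"
CLAIMED_IDENTIFIER = "http://specs.openid.net/auth/2.0/signon"

# Constructed sample: both elements present, Claimed Identifier ranked first.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example/claimed</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://op.example/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def openid_services(xrds_text):
    """Return (priority, type, uri) tuples for OpenID services, best first."""
    xrds = ET.fromstring(xrds_text).findall(XRD + "XRD")
    found = []
    for svc in (xrds[-1].findall(XRD + "Service") if xrds else []):
        uri = svc.find(XRD + "URI")
        if uri is None or not uri.text:
            continue
        prio = svc.get("priority")
        # A missing priority attribute sorts after every numbered one.
        key = int(prio) if prio is not None else float("inf")
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        for t in types & {OP_IDENTIFIER, CLAIMED_IDENTIFIER}:
            found.append((key, t, uri.text.strip()))
    return sorted(found)

def select_by_priority_only(services):
    """Reading 1: precedence rules alone decide (section 7.3.1 wording)."""
    return services[0] if services else None

def select_op_identifier_first(services):
    """Reading 2: look for an OP Identifier Element first (section 7.3.2.2)."""
    for wanted in (OP_IDENTIFIER, CLAIMED_IDENTIFIER):
        match = [s for s in services if s[1] == wanted]
        if match:
            return match[0]
    return None
```

On the sample document the two readings select different endpoints, which is why a Relying Party implementation has to commit to one of them explicitly.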




