Using XRI Proxy Resolvers in OpenID discovery

Eran Hammer-Lahav eran at hammer-lahav.net
Sun Jul 29 01:14:50 UTC 2007 

Thanks Pádraic,

 

My question was in reference to the suggestion in the specification to use
an XRI proxy and how it might relate to Relaying Party not implementing any
XRI or Yadis support. The spec requires HTML discovery but not the other
two, but users are expected to try their XRI identities not knowing what the
RP will support.

 

In other words, does the spec (or this group) support the idea of using an
XRI proxy to convert an XRI to an HTML page via redirection to the XRI
default page (XRI Resolution 2.0 section 7.6)? If the RP does not implement
XRI (assuming the language of section 7.3.3 remains unchanged), should the
spec recommend at least using an XRI proxy to fetch the default HTML page?

 

EHL

Ps. You don’t have to use Accept: application/xrds+xml if you use query
parameter _rds_r=application/xrds+xml

 

 

From: Pádraic Brady [mailto:padraic.brady at yahoo.com] 
Sent: Saturday, July 28, 2007 7:53 PM
To: Eran Hammer-Lahav
Cc: specs at openid.net
Subject: Re: Using XRI Proxy Resolvers in OpenID discovery

 

Hi Eran,

Not sure I follow what the question is?

Should one use a proxy? Yes. Since it's unlikely any platform will support
XRI resolution natively. Should the proxy be used to grab an XRDS document?
Yes, if possible, and don't forget about the "Accept: application/xrds+xml"
header which a server may use to serve up such a document immediately.
Parsing such a document is not necessarily complex though - I found after
implementing it in PHP using SimpleXML that it's a lot less complex than the
specification would suggest.

I think it's a good idea to grab ALL the XRDS, and not just look for an
OpenID 1.1/1.0 sub-element. In the case of failure to locate OpenID 1.1, you
then have the full document to see if it's only offering 2.0
(signon/server).

Given you need a full parsing ability, the first option seems to make the
most sense. Get as much as possible upfront to avoid any second/third HTTP
requests to the User/OP. It's more efficient this way I think - if you are
using caching, XRDS lookups shouldn't occur on each and every OpenID
authentication process anyway.

Regards,
Pádraic

 

Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070728/a51176c2/attachment-0002.htm>

More information about the specs mailing list