XRD and OpenID 2.1

Nat Sakimura n-sakimura at nri.co.jp
Fri Sep 4 04:48:44 UTC 2009 

You do not want to state the endpoint. You only want to sate the 
provider, IMHO.
So, http://openid.net/rel/endpoint would not be a good naming.
I like something in the line of

http://openid.net/rel/op etc. or more verbose version of it like:
http://openid.net/rel/my_op etc.

=nat

Santosh Rajan wrote:
> To make discovery easier  for an RP, I suggest we limit the RP to look 
> for one of two resources in a users XRD.
> 1) An OpenID Endpoint
> 2) An OpenID Delegate.
> If an OpenID endpoint is not available in a users XRD, the RP will 
> next look for a delegated host. In both cases the RP is looking for a 
> Rel value in a Link Element. So I suggest something like this for Rel 
> values
> 1) http://openid.net/rel/endpoint <http://openid.net/op/endpoint>
> 2) http://openid.net <http://openid.net/op/endpoint>/rel/delegate
>
> On Thu, Sep 3, 2009 at 10:55 AM, Nat Sakimura <n-sakimura at nri.co.jp 
> <mailto:n-sakimura at nri.co.jp>> wrote:
>
>     The first XRD in my example is the "User Discovery" XRD in Dirk's
>     post.
>     I am talking about what to use for <rel> URI here.
>     In XRI TC's discussion, we disccussed that it probably is not
>     right to
>     use the same URI for both "User Discovery" document (which defines
>     relationship, "Relationship URI") and "Provider Discovery" (which
>     defines the service).
>     I suppose Dirk is using the same URI just for the lack of this
>     "Relationship URI".
>
>     Also, in Dirk's example, in User Discovery, he is siting
>     <URI>http://openid.example.com/op</URI>
>
>     I suppose this is somewhat misleading.
>     I suppose it should be
>
>     <URI>http://example.com/#<URI>
>
>     (Note: I have added # to denote that it is pointing to a non
>     information resource.
>     As it is a non-information resource, the matching information
>     resource has to be
>     discovered by some other protocol, such as LRDD/site-meta.)
>
>     As to the Provider Discovery is concerned, there is no <Host> in
>     the latest XRD schema.
>     It is unified with <Subject>. How to express the "Subject Set" or
>     entire domain is
>     still under discussion, I believe, in site-meta discussion. The
>     last I have seen is
>     something like: <Subject>site-meta://example.com
>     <http://example.com></Subject>.
>     Personally, I do not like it. (W3C people will not either, I think.)
>     What some XRI TC people suggested was to use something like
>     <Subject>http://example.com/#</Subject> as in AWWW, but this is
>     something
>     that should be discussed in another thread.
>
>     What I was referring to as "not sure" was whether we need to
>     support all types of LRDD
>     or just one, for OpenID. I have got an opinion on that but I am
>     intending to start
>     yet another thread for that. (Or somebody else can do so. I am
>     rather time constrained.)
>
>     I think it is a good practice to separate those threads and
>     concentrate on one issue
>     per thread so that we can avoid drifting discussion.
>
>     This thread is only about the Relationship URI.
>
>     =nat
>
>
>
>     Santosh Rajan wrote:
>>     There is an article posted here related to this.
>>     http://www.hueniverse.com/hueniverse/2009/09/openid-and-lrdd.html
>>
>>     So how does this work in the above framework?
>>
>>
>>     On Thu, Sep 3, 2009 at 9:26 AM, Nat Sakimura
>>     <n-sakimura at nri.co.jp <mailto:n-sakimura at nri.co.jp>> wrote:
>>
>>         So, User's XRD would have something like
>>
>>         <xrd id="foo">
>>         <Subject>http://sakimura.org/nat</Subject>
>>         <ds:Signature> ... </ds:Signature>
>>         <link>
>>         <rel>http://openid.net/rels/myopenid_provider</rel>
>>         <url>http://myopenid.net/</url>
>>         </link>
>>         </xrd>
>>
>>         This is fetched during the discovery. (I am still not so sure
>>         about
>>         the relationship between X-XRDS-Location: header and
>>         site_meta etc.
>>         Are we abandoning the header model?)
>>
>>         Then, the RP searches for my relationship with OP through <rel>.
>>         Once it was found, the RP goes to the url specified in the
>>         <link> to
>>         get the Service's XRD like:
>>
>>         <xrd id="baa">
>>         <Subject>http://myopenid.net/</Subject>
>>         <ds:Signature>...</ds:Signature>
>>         <link>
>>         <rel>http://openid.net/op/endpoint</rel>
>>         <url>http://specs.openid.net/auth/2.0</url>
>>         </link>
>>         </xrd>
>>
>>         to find out the concrete endpoint of this authentication service.
>>
>>         =nat
>>
>>
>>         John Bradley wrote:
>>
>>             Allen,
>>
>>             In XRD 1.0 we are moving to a link based model.
>>
>>             So a users XRD rather than having to specify the openID
>>             providers service can point to an openID provider.
>>
>>             The URIs that we currently use describe the service not
>>             the provider.
>>
>>             I think Nat is looking for a link relationship that
>>             describes a user pointing  to a service providers XRD
>>             rather than to the service itself.
>>
>>             There will be a bunch of new link types required for
>>             various protocols.
>>
>>             John B.
>>
>>
>>             On 2009-09-02, at 5:27 PM, Allen Tom wrote:
>>
>>                 Hi Nat,
>>
>>                 Can you explain the problem in a bit more detail? Can
>>                 you give an example use case?
>>
>>                 Thanks
>>                 Allen
>>
>>
>>                 Nat Sakimura wrote:
>>
>>                     The second topic for OpenID 2.1
>>
>>                     Maybe, it should be separated to the Discovery but...
>>
>>                     In XRD 1.0, we need to define <Rel> type url for
>>                     the user=OP relationship.
>>                     What shall we use?
>>
>>                     Something like:
>>
>>                     http://specs.openid.net/rel/openid_provider#
>>
>>                     =nat
>>                     _______________________________________________
>>                     specs mailing list
>>                     specs at lists.openid.net
>>                     <mailto:specs at lists.openid.net>
>>                     http://lists.openid.net/mailman/listinfo/openid-specs
>>
>>
>>                 _______________________________________________
>>                 specs mailing list
>>                 specs at lists.openid.net <mailto:specs at lists.openid.net>
>>                 http://lists.openid.net/mailman/listinfo/openid-specs
>>
>>         _______________________________________________
>>         specs mailing list
>>         specs at lists.openid.net <mailto:specs at lists.openid.net>
>>         http://lists.openid.net/mailman/listinfo/openid-specs
>>
>>
>>
>>
>>     -- 
>>     http://santrajan.blogspot.com
>>     http://twitter.com/santoshrajan
>>     http://www.facebook.com/santosh.rajan
>>
>>
>
>
>
> -- 
> http://santrajan.blogspot.com
> http://twitter.com/santoshrajan
> http://www.facebook.com/santosh.rajan
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090904/e0131956/attachment.htm>

More information about the specs mailing list