Email Address to URL Transformation

George Fletcher gffletch at aol.com
Wed Jan 27 21:49:09 UTC 2010


Well... I believe that the scope of the <Link>s described in a 
host-meta XRD should be at the host level. As such the host should be 
able to put anything it wants in that XRD to describe the host. For 
example, maybe the host is also a SAML IDP and wants to "advertise" that 
as well.

How exactly OpenID v.next defines discovery of identifiers is something 
else. And in fact, webfinger defines its own discovery mechanism 
separate from OpenID.

For an RP that wants to discover meta-data about an email address, using 
webfinger makes a lot of sense. Webfinger defines the acct: scheme and the 
http://webfinger.info/rel/service relationship and requires the 
"protocol" to use the associated URI endpoint.

A different discovery flow could require/recommend using a <Link> from 
the host-meta XRD itself.

As all this relates to OpenID and email-to-URL-transform, I can see 
OpenID supporting a fallback method to the <Link> in the host-meta XRD 
if the webfinger protocol fails.

For example, the RP takes the email address alice at example.com and uses 
webfinger to try and find an associated OP endpoint. If the discovery 
resolution fails, or the returned XRD does NOT define an OP endpoint, 
the RP MAY look in the host-meta XRD for an OP Endpoint <Link>. Or 
something like that.

Thanks,
George

On 1/27/10 4:18 PM, Paul E. Jones wrote:
>
> George,
>
> You're right that there are two things.  The question is, do we wish 
> to allow only OP advertisement via the host meta-data XRD file?  That 
> would certainly work for me.  But, would users prefer to have a single 
> email address (e.g., user at gmail.com) and still 
> be able to associate that with a different OP through webfinger?
>
> People could always have a different acct: URI.  Is that preferred 
> over trying to support both host meta-data and user meta-data XRD 
> documents?
>
> Paul
>
> *From:* George Fletcher [mailto:gffletch at aol.com]
> *Sent:* Wednesday, January 27, 2010 3:11 PM
> *To:* Paul E. Jones
> *Cc:* 'Allen Tom'; arshad.khan at channel321.com; specs at openid.net
> *Subject:* Re: Email Address to URL Transformation
>
> I think there are two different things being described... (1) meta 
> data about the host (host-meta) and (2) meta data about the acct: 
> identifier (XRD returned from the webfinger template URI endpoint).
>
> In this thread, that host-meta XRD only describes one service of the 
> host... webfinger. However, there is nothing stopping the host from 
> also adding a <Link> specifying that it is also an OpenID Provider. I 
> agree with Allen that this is valuable information. This doesn't 
> preclude or supersede the XRD returned for the user (based on the 
> template URI endpoint).
>
> So, if an RP is looking to find the user's OP, then follow the 
> webfinger protocol. If the RP just wants to know if a domain supports 
> OpenID it can just look in the host-meta for that domain.
>
> I don't think they conflict.
>
> Thanks,
> George
>
> On 1/25/10 3:52 PM, Paul E. Jones wrote:
>
> Allen,
>   
> Perhaps we're in agreement, but I wasn't clear.
>   
> I think OpenID RPs should be able to use XRD documents in order to discover
> the user's login service -- I like this.  What I would *not* want is for
> that to be defined in this document:
> http://yahoo.com/.well-known/host-meta
>   
> The reason is that this document is not user-specific and blankets
> everything under the yahoo.com domain.
>   
> Rather, I'd want that to be in this document:
> http://webfinger.yahooapis.com/?id={%id}
>   
> Or other document that allows the user to provide details about himself.
> So, if I enter paulej at yahoo.com, RPs would still be directed to
> http://openid.packetizer.com/paulej by querying the above document (or other
> document) and finding some pointer to my OP.
>   
> Paul
>
>     -----Original Message-----
>     From: Allen Tom [mailto:atom at yahoo-inc.com]
>     Sent: Monday, January 25, 2010 1:45 PM
>     To: Paul E. Jones
>     Cc: arshad.khan at channel321.com; specs at openid.net; 'John Panzer'
>     Subject: Re: Email Address to URL Transformation
>
>     Hi Paul -
>
>     This assumes that every user with a Gmail or Yahoo email account can use
>     their account as an OpenID. Simply asking the user to enter their email
>     address to kick off the sign-in process is a lot more scalable than the
>     NASCAR, and is probably a lot more usable than asking them to enter their
>     OpenID URL.
>
>     Allen
>
>     On 1/24/10 7:12 PM, "Paul E. Jones" <paulej at packetizer.com> wrote:
>
>         But, wouldn't that assume that every user who has a gmail.com or yahoo.com
>         email address uses Google or Yahoo, respectively, for OpenID?
>    
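
The fallback flow proposed at the top of this message (webfinger first, host-meta `<Link>` second), sketched as an added example that is not part of the original thread or of any OpenID specification. Assumptions: the `rel` value used for an OP endpoint, the `template` attribute carrying the `{%id}` template, HTTPS for host-meta, the `fetch` callable, and the example.com documents, which are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
WEBFINGER_REL = "http://webfinger.info/rel/service"  # rel named in the thread
OP_REL = "http://specs.openid.net/auth/2.0/server"   # assumed rel for an OP endpoint

def links(xrd_text, rel, attr):
    """Values of `attr` on every <Link rel=...> in an XRD; [] if unparsable."""
    try:
        root = ET.fromstring(xrd_text)  # use a hardened XML parser for remote input
    except ET.ParseError:
        return []
    return [l.get(attr) for l in root.iter(NS + "Link")
            if l.get("rel") == rel and l.get(attr)]

def discover_op(email, fetch):
    """fetch(url) returns XRD text or None. Result: (op_endpoint, source)."""
    local, _, host = email.rpartition("@")
    if not local or not host:
        raise ValueError("expected user@host")
    host_meta = fetch(f"https://{host}/.well-known/host-meta")
    if host_meta is None:
        return None, None
    # 1. webfinger: the user-level XRD takes precedence when it names an OP.
    acct = quote(f"acct:{email}", safe="")
    for template in links(host_meta, WEBFINGER_REL, "template"):
        user_xrd = fetch(template.replace("{%id}", acct))
        ops = links(user_xrd, OP_REL, "href") if user_xrd else []
        if ops:
            return ops[0], "user-xrd"
    # 2. Fallback: the host-wide <Link>, which applies to every account there.
    ops = links(host_meta, OP_REL, "href")
    return (ops[0], "host-meta") if ops else (None, None)

# Constructed documents standing in for HTTP responses.
def xrd(*link_xml):
    return ('<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">'
            + "".join(link_xml) + "</XRD>")

WF = "https://webfinger.example.com/?id="
DOCS = {
    "https://example.com/.well-known/host-meta": xrd(
        f'<Link rel="{WEBFINGER_REL}" template="{WF}{{%id}}"/>',
        f'<Link rel="{OP_REL}" href="https://op.example.com/server"/>'),
    WF + "acct%3Aalice%40example.com": xrd(
        f'<Link rel="{OP_REL}" href="https://openid.example.net/alice"/>'),
    WF + "acct%3Abob%40example.com": xrd(),  # user XRD without an OP endpoint
}
```

Calling `discover_op(address, DOCS.get)` returns the source alongside the endpoint, so an RP can record whether the OP was asserted per user or only host-wide.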