WebFinger at Google

Santosh Rajan santrajan at gmail.com
Thu Mar 25 10:28:04 UTC 2010


From the OpenID perspective we have to see webfinger as a part of
"normalizing the user supplied identifier". So the OpenID normalization
process would go something like this given a user supplied identifier. (I
will ignore XRI for simplicity)
1) Check to see if the identifier starts with http or https. If yes proceed
as per protocol.
2) If not check to see if the identifier has an "@" sign within the
identifier. If yes use webfinger to get the normalized identifier and
proceed.
3) If not add http to the identifier and proceed.

So really what webfinger returns is the normalized identifier, it is NOT yet
a "claimed id" nor is it a "Local id".

So I am suggesting one of these two rels.
"openid.normalizedID".
"http://specs.openid.net/auth/2.0/normalizedID".

On Thu, Mar 25, 2010 at 11:02 AM, Paul E. Jones <paulej at packetizer.com> wrote:

> Jared,
>
> > It seems weird to return the user's OpenID identifier, when ultimately
> > the OP Endpoint URL is what you need if you want to authenticate the
> > user.  However, I think "http://specs.openid.net/auth/2.0/server"
> > should have been used for the rel type, as it is actually defined by
> > OpenID Authentication 2.0 spec for that purpose.
>
> I don't think it's weird at all to use webfinger to return one's OpenID
> identifier.  After all, Webfinger is intended to be a means of discovering
> information about a person.  Once the identifier is learned, then the OP
> can be discovered based on that ID.  Returning the OP URL without the
> user's identifier is not as useful, since the OP would not know who is
> being authenticated: it would then have to prompt the user for his identity.
>
> > What is really needed is an agreed upon URI for what was the "http://
> > specs.openid.net/auth/2.0/signon" type (which carried the user's
> > OpenID URL in XRDS' LocalID element (which is gone from XRD)).
>
> If the rel value is "http://openid.net/identity" and the href value
> represents the user's OpenID identifier, then the RP knows what to do with
> that.  I really think that's what we should try to agree upon.
>
> This would minimize the additional effort an RP would have to make, just
> adding a Webfinger resolution step and making no changes to the OpenID
> spec.  The RP might want to implement Webfinger, anyway, in order to
> discover information about the user, such as his name, picture, or other
> information he wants to share with the world.
>
> Paul



-- 
http://hi.im/santosh
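
The three-step normalization described in this message, sketched as an added example (not code from the original post or from any OpenID library). Assumptions: `webfinger_lookup` and `fake_webfinger` are hypothetical stand-ins for a real WebFinger client, the rel is the second of the two values proposed above, step 1 is read as an `http://` or `https://` prefix, and rejecting a missing or non-http(s) result is this sketch's choice, since the RP goes on to fetch whatever URL comes back.

```python
from urllib.parse import urlsplit

# Rel proposed in the message above; a suggestion on the list, not a registered value.
NORMALIZED_ID_REL = "http://specs.openid.net/auth/2.0/normalizedID"


class NormalizationError(ValueError):
    """No usable normalized identifier could be produced."""


def _require_http_url(url):
    # Assumption of this sketch: the result must be an http(s) URL with a host.
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        raise NormalizationError(f"not an http(s) URL: {url!r}")
    return url


def normalize_identifier(user_input, webfinger_lookup):
    """webfinger_lookup(acct) -> list of {"rel": ..., "href": ...} dicts (hypothetical)."""
    identifier = user_input.strip()
    if not identifier:
        raise NormalizationError("empty identifier")
    # Step 1: already a URL, proceed as per the OpenID protocol.
    if identifier.lower().startswith(("http://", "https://")):
        return _require_http_url(identifier)
    # Step 2: contains "@", so ask WebFinger for the normalized identifier.
    if "@" in identifier:
        for link in webfinger_lookup(identifier):
            if link.get("rel") == NORMALIZED_ID_REL:
                # The href comes from a remote host: validate before using it.
                return _require_http_url(link.get("href", ""))
        raise NormalizationError(f"no {NORMALIZED_ID_REL} link for {identifier!r}")
    # Step 3: bare host/path, add http.
    return _require_http_url("http://" + identifier)


def fake_webfinger(acct):
    # Constructed sample data standing in for a real WebFinger response.
    data = {
        "bob@example.com": [
            {"rel": "http://example.com/rel/other", "href": "https://example.com/x"},
            {"rel": NORMALIZED_ID_REL, "href": "https://openid.example.com/bob"},
        ],
        "carol@example.net": [{"rel": NORMALIZED_ID_REL, "href": "ftp://example.net/carol"}],
    }
    return data.get(acct, [])
```
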