OpenID V.Next - Some Views to Consider

John Bradley john.bradley at wingaa.com
Wed May 12 21:47:38 UTC 2010


Webfinger is a profile of LRDD that allows this new thing called an account URI (We shall make the assumption for the moment that it gets registered and is a URI) to be resolved via LRDD to an XRD.

The important thing WebFinger provides is a way to determine the root of authority for an Acct URI.  (The host to start discovery on)

In principle any URI with a host segment can use LRDD to get an XRD.

I suppose other types of URI could define some other root for discovery as well. 

So if OpenID supports LRDD then normalization rules for Acct: and other URI schemes could be specified so that they too can be resolved to an XRD.

The question will be for the core protocol what to use as the claimed_id.   

There are three schools of thought.
1 The normalized input identifier
2 The Subject of the XRD
3 The claimed_id that the OP returns.

There are arguments to be made for all three.

I expect this to be addressed in the WG.

John B.
On 2010-05-12, at 12:34 PM, Santosh Rajan wrote:

> Starting a new thread here based on an earlier one quoted below.
> 
> Let us reconsider the definition of OpenID for V.next. I would like to see a new definition for OpenID.
> 
> "An OpenID is Any Valid URI that can be resolved to its Descriptor".
> 
> Now let me give a little explanation on the above, with a few points.
> 1) Existing OpenIDs version 1 and 2 are compatible with the above definition. (http(s) OpenIDs version 1 and 2 do resolve to their descriptors)
> 2) Email like identifiers are compatible with the above definition with the webfinger protocol, and of course resolve to their descriptors.
> 
> Now any other future protocol that can make its URI resolvable to a descriptor, will also be a Valid OpenID. Let me give an example.
> 
> According to the above definition we can make "tag URIs" valid OpenIDs, as long as we have a protocol to resolve this URI to its descriptor.
> tag:user at example.com,2007-11-02:Tag_URI
> 
> Now as far as I am concerned tag URIs are even better as OpenIDs, because they are unique over space and time.
> 
> Webfinger support for tag URIs anyone? :-)
> 
> ---------- Forwarded message ----------
> From: Paul E. Jones <paulej at packetizer.com>
> Date: Wed, May 12, 2010 at 8:11 AM
> Subject: RE: Draft charter for v.Next Attributes working group
> To: Santosh Rajan <santrajan at gmail.com>
> Cc: Mike Jones <Michael.Jones at microsoft.com>, jsmarr at stanfordalumni.org, openid-specs at lists.openid.net, tech-comm at openid.net
> 
> 
> Santosh,
> 
>  
> Why not store the claimed ID in the webfinger (LRDD) XRD document?
> 
>  
> The objective, I would hope, is to make it easier to log into web sites.  Email-style identifiers make that easier, but the system does not have to be built around those.
> 
>  
> So, I sign up with a service provider.  Let’s just use my own site as an example.  I am assigned an email address paulej at packetizer.com.  Behind the scenes, I am also assigned an OpenID ID http://openid.packetizer.com/paulej.  Now, when I visit a web site, I can type ‘paulej at packetizer.com’ and the site can perform a webfinger query to discover my OpenID ID.  We would define a link relation (something we’ve talked about before) that represents openid.  It could be http://openid.net/identity or it could be simply “openid” (since link relations need not be URIs).  Looking at the href of the “openid” link relation, one would find my OpenID URI http://openid.packetizer.com/paulej.
> 
>  
> Now, should I wish to have a different email provider than my openid provider, that’s fine: I could change the record associated with the openid link relation to contain a different OpenID identifier.  Alternatively, I could just get an account at someopenidop.com and they might assign an e-mail style address like paulej at someopenidop.com and perform the Webfinger resolution behind the scenes.
> 
>  
> Anyway, issue this request:
> 
> $ curl 'http://www.packetizer.com/lrdd/?uri=acct:paulej@packetizer.com'
> 
>  
> You’ll see the link relation for my claimed ID:
> 
> <Link rel="http://openid.net/identity"
>       href="http://openid.packetizer.com/paulej"/>
> 
>  
> It does introduce another protocol, but I think these play nicely together.  The real identity would remain the URL that OpenID uses today.  The email identifier would just be an alias for it.
> 
>  
> Paul
> 
>  
> From: Santosh Rajan [mailto:santrajan at gmail.com] 
> Sent: Tuesday, May 11, 2010 12:39 PM
> To: Paul E. Jones
> Cc: Mike Jones; jsmarr at stanfordalumni.org; openid-specs at lists.openid.net; tech-comm at openid.net
> Subject: Re: Draft charter for v.Next Attributes working group
> 
>  
>  
> On Tue, May 11, 2010 at 8:55 AM, Paul E. Jones <paulej at packetizer.com> wrote:
> 
>  
> Adding support for email-style addresses is something I like, but something that can be provided via webfinger.  Thus, no change to the base protocol.
> 
>  
>  
> I beg to disagree here. I think the base protocol needs to address the issue of email like identifiers. I would like to see that email like identifiers are valid OpenID claimed ids.
> 
> So something like acct:example @ example.com should be a valid OpenID claimed_id.
> 
>  
> Also this discussion should not be in this thread (about attributes) and maybe someone could start a new thread on this subject.
> 
>  
> Thanks
> 
> Santosh
> 
>  
>  
> http://hi.im/santosh
> 
> 
> 
> 
> -- 
> http://hi.im/santosh
> 
> 
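
The three claimed_id candidates listed in the reply above, worked through for the acct: lookup quoted in the thread. This is an added example, not code from the original posts; the normalization rule (lowercase the host only), the function names and the sample XRD are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
OPENID_REL = "http://openid.net/identity"  # link relation proposed in the thread

# Constructed sample XRD for illustration; not the document packetizer.com serves.
SAMPLE_XRD = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>acct:paulej@packetizer.com</Subject>
  <Link rel="http://openid.net/identity"
        href="http://openid.packetizer.com/paulej"/>
</XRD>"""


def normalize_acct(user_input):
    """Assumed normalization: trim, add the acct: scheme, lowercase the host only."""
    ident = user_input.strip()
    if ident.lower().startswith("acct:"):
        ident = ident[5:]
    local, sep, host = ident.rpartition("@")
    if not sep or not local or not host:
        raise ValueError("expected user@host")
    return "acct:%s@%s" % (local, host.lower())


def discovery_host(acct_uri):
    """Root of authority: the host LRDD discovery starts on."""
    return acct_uri.rpartition("@")[2]


def claimed_id_candidates(user_input, xrd_xml, op_claimed_id):
    """Return what each of the three schools of thought would use as claimed_id."""
    normalized = normalize_acct(user_input)
    root = ET.fromstring(xrd_xml)  # use a hardened XML parser for untrusted input
    subject = root.findtext(XRD_NS + "Subject")
    hrefs = [link.get("href") for link in root.findall(XRD_NS + "Link")
             if link.get("rel") == OPENID_REL]
    return {
        "host": discovery_host(normalized),
        "normalized_input": normalized,    # school 1
        "xrd_subject": subject,            # school 2
        "op_claimed_id": op_claimed_id,    # school 3: value returned by the OP
        "openid_link": hrefs[0] if hrefs else None,
        # A relying party can flag an XRD whose Subject is not the identifier it asked about.
        "subject_matches_input": subject == normalized,
    }
```

With input that differs from the XRD Subject only in the case of the local part, `subject_matches_input` is false under this normalization, which is one place where schools 1 and 2 give different claimed_id values.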
