The Wiki, iNames and OpenID accounts
Chris Drake
christopher at pobox.com
Thu Oct 26 12:10:49 UTC 2006
Hi Avery,
The short answer as to why your delegation failed is because i-names
are natively supported on the forum. Had you used your ilink:
"xri.net/=avery/(+myopenid)" over at livejournal.com (another openid
enabled site - but not one supporting inames yet), everything would
have worked as you expected :-)
The long answer...
Most of the openid enabled sites are based on the OpenID 1.1 specs. That means
that inames are not natively supported. Every OpenID 1.1 consumer out
there that does currently support inames is using a hacked version of
the protocol to support this.
Case scenarios:
1. Consumer without support for inames.
For every OpenID url it will fetch the page that is indicated by the
url. It will follow redirects if they are present. When the consumer
has obtained the final page, it will search for the special <link>
tags to discover an openid server endpoint. In this case a simple GET
request on xri.net/=avery/(+myopenid) will result in a GET request for
aglasser.myopenid.com if the redirects are followed. So it will work
as you wish.
2. Consumer with support for inames
If the consumer detects that the openid url begins with an = or @ or
xri.net or xri:// then it will perform yadis discovery on
http://xri.net/openid_url (a GET request with Accept:
application/xrds+xml). From the xrds it will take the openid server's
endpoint and the authentication will continue.
The problem that you've run into it: you are trying to use
xri.net/=avery/(+myopenid) or =avery/(+myopenid) for openid
authentication at http://openid.net/wiki - but - It seams that the
openid.net/wiki's consumer doesn't understand the difference
between =avery/(+myopenid) and =avery.
I expect it does yadis discovery on xri.net/=avery/(+myopenid), then
from the obtained xrds, it finds the openid server's end point to
initiate an authentication request for the openid url
=avery/(+myopenid) - which is not an iname, it's an ilink, so this
results in a canceled operation from 1id.com's servers.
Note: xri.net it will return the xrds for an iname regardless of the
way this was requested.
The responses from a GET request with accept application/xrds+xml on
http://xri.net/=avery/(+myopenid) and http://xri.net/=avery are the
same.
curl -H 'Accept: application/xrds+xml' -i 'http://xri.net/=avery/(+myopenid)'
curl -H 'Accept: application/xrds+xml' -i 'http://xri.net/=avery'
Kind Regards,
Chris Drake
Thursday, October 26, 2006, 4:42:14 PM, you wrote:
AG> Ok,
AG> This will probably go down in the history of silly things I have thought about at 11pm...
AG> I have an iname through 1id.com (=avery). I set up as a tag,
AG> a reference to my usual OpenID URL =avery(+myopenid). Going to
AG> http://xri.net/=avery/(+myopenid) properly resolves my my
AG> myopenid.com account.
AG> Why would I do such a silly thing? Because I established
AG> aglasser.myopenid.com well before I registered my iname.
AG> I tried to log into the OpenID.net/wiki using:
AG> =avery+myopenid
AG> =avery(+myopenid)
AG> =avery/(+myopenid)
AG> http://xri.net/=avery/(+myopenid)
AG> My assumption is that when the wiki attempted to resolve the
AG> iname for authentication, it would resolve to
AG> aglasser.myopenid.com. Each time, it kicked back a failure. Of
AG> course, going in with =avery worked fine. Going in with
AG> aglasser.myopenid.com worked fine as well.
AG> This leads to an interesting set of thoughts - at least
AG> interesting for this time of day...
AG> 1) As http://xri.net/=avery/(+myopenid) resolves to
AG> aglasser.myopenid.com - shouldn't this work as a valid OpenID
AG> Identity URL?
AG> 2) If the answer to #1 is yes, shouldn't I be able to use
AG> =avery(+myopenid) as a valid iname for authenticating to the wiki?
AG> 3) More fundamental (and probably out of scope for this
AG> group), shouldn't an inames registrar allow one to set a default
AG> OpenID Identity URL independent of the iname account?
AG> - Avery
More information about the general
mailing list