The Wiki, iNames and OpenID accounts

Chasen, Les les.chasen at neustar.biz
Tue Oct 31 11:33:50 UTC 2006 

Resolution is a two step process.  First there is authority resolution
of the fully qualified XRI.  Second there is service selection.  The
resolver takes care of both of these.  The client does need to tell the
resolver what service is to be selected as well as whether to perform
service selection or not.  The xri.net proxy resolver by default will
perform service selection.

In this case the client (the RP) may be interested in the
http://openid.net/signon/1.0 (the openid SSO service type) service or
the +myopenid service that =avery defined.  I believe that the RP in
question here is using the openid SSO service and therefore got confused
when presented with another service selection option, i.e.
=avery/+myopenid.  I am thinking, but not convinced, that an openId
based RP should always use the openid SSO service for authentication.
This would mean either erroring =avery/+myopenid or ignoring the path
component.  Or an RP can handle both conditions by requesting slightly
different options from the resolver.  As Drummond points out this is a
trade off.

- Les

 

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]
On
> Behalf Of Martin Atkins
> Sent: Tuesday, October 31, 2006 2:46 AM
> To: general at openid.net
> Subject: Re: The Wiki, iNames and OpenID accounts
> 
> Drummond Reed wrote:
> > Good point, Les. It's a tradeoff between:
> >
> > * Enabling forwarding XRIs to be used as OpenID login identifiers
but
> having
> > RP client libraries need to make a different resolution call
depending
> on
> > whether the XRI contains a path or not, and...
> >
> > * Ignoring local paths on XRIs used as OpenID login identifiers
(which
> means
> > not supporting forwarding XRIs) but having one standard XRI
resolution
> call.
> >
> > Do folks on the list have any strong leanings?
> >
> 
> I don't like the idea that RPs have to understand XRI. The resolver
> library is supposed to be doing all the work for them. I must admit to
> not quite understanding the issue yet, but is there not some way that
> this funny case can be handled in the XRI resolver library?
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list