[OpenID] is openid 2.0 a lightweight identity system?

Johannes Ernst jernst+openid.net at netmesh.us
Fri Feb 9 17:29:24 UTC 2007


I think one way of answering most of these questions in one big swoop  
is by pointing you to some XRDS files that have more than just OpenID  
auth in them.
I volunteer
     http://mylid.net/jernst?meta-capabilities   (the URI to the  
Yadis file associated with my mylid.net openid)
which has a bunch of stuff in it.

Maybe others have examples, too.



On Feb 9, 2007, at 0:18, Simon Willison wrote:

> On 2/9/07, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
>> This is a misunderstanding. XRDS is crucial if OpenID ever wants to
>> grow beyond authentication, because it captures the meta-data that's
>> needed to say which service types are available and where for a given
>> identifier (aka OpenID URL).
>
> That's exactly the kind of answer I was looking for. Now help me  
> understand:
>
> 1. How XRDS helps OpenID grow beyond authentication.
> 2. Why OpenID growing beyond authentication is a good idea - what kind
> of additional problems does that let us solve?
> 3. Why can't those problems be solved as separate extensions to the
> OpenID spec? Is it really necessary for XRDS to be in core OpenID -
> does it act as a kind of plug-in mechanism without which extending
> OpenID would be significantly less likely to achieve consensus, for
> example?
>
> One of my favourite things about the original OpenID spec was that it
> took one very small problem - authentication over the Web - and /just/
> solved that, in the same vein as the Unix philosophy of building small
> tools that only do one thing.
>
> The first paragraph of the OpenID 2.0 spec states the following:
>
> """
> OpenID Authentication provides a way to prove that an end user
> controls an Identifier. It does this without the Relying Party needing
> access to end user credentials such as a password or to other
> sensitive information such as an email address.
> """
>
> There's nothing there about growing beyond authentication or meta-data
> about service types. I'll be completely honest here: I don't
> understand what "service type" or "service" actually means. The OpenID
> 2.0 spec doesn't help me here - as far as I can tell, a "service" is
> anything that fits in an <xrd:Service> element.
>
> The YADIS spec has an implementor's glossary, but isn't actually any
> more useful as it recursively defines a "Service" as "A service
> provided by a Yadis Resource" and a "Yadis Resource" as "A computer
> software process (or system of processes) that provides one Yadis
> Protocol".
>
> The XRI Resolution spec does only slightly better, defining "Service
> Endpoints" as "descriptors of concrete URIs at which network services
> are available for the target resource".
>
> I'm now three specs in and I still don't know what a service is! I'm
> obviously missing something critically important here.
>
> Since I don't like complaining about things without at least trying to
> offer a solution, here are my first proposed questions for an OpenID
> FAQ:
>
> 1. When the OpenID / Yadis / XRI Resolution specifications talk about
> a "service", what do they mean? Are they all talking about the same
> concept?
>
> 2. Why is XRDS a useful component of the OpenID 2.0 specification?
>
> 3. If XRDS' main function is to allow OpenID to grow beyond
> authentication, how does that fit with the stated aim of solving just
> one part of the overall authentication problem? Is that aim still part
> of the OpenID philosophy?
>
> Question 3 isn't really suitable for an FAQ, but I'd personally love
> to know the answer. Maybe OpenID 2.0 needs an updated philosophy
> statement.
>
> Cheers,
>
> Simon
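
An added example, not part of either message and not code from any OpenID library: a minimal reader for the kind of XRDS file discussed above, showing that a "service" is a `Service` element pairing one or more `Type` URIs with the `URI`s where it is reachable, ordered by `priority`. The XRDS document, the host names and the non-OpenID type URI are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"  # namespace of XRD, Service, Type and URI

# Constructed sample XRDS document (not the file at the URL in the message).
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://op.example.com/openid1</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.com/openid2</URI>
    </Service>
    <Service>
      <Type>http://example.com/constructed/profile-exchange</Type>
      <URI>https://profile.example.com/jdoe</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""

def _priority(elem):
    # Lower number = preferred; a missing or malformed priority sorts last.
    value = elem.get("priority")
    return int(value) if value is not None and value.isdigit() else float("inf")

def list_services(xrds_text):
    """Return (types, uris) for each Service of the last XRD, preferred first."""
    # For documents fetched from untrusted hosts, use a hardened parser.
    root = ET.fromstring(xrds_text.encode("utf-8"))
    xrds = root.findall(XRD_NS + "XRD")
    if not xrds:
        return []
    services = sorted(xrds[-1].findall(XRD_NS + "Service"), key=_priority)
    result = []
    for svc in services:
        types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
        uris = sorted(svc.findall(XRD_NS + "URI"), key=_priority)
        result.append((types, [u.text.strip() for u in uris if u.text]))
    return result

def endpoints_for(xrds_text, service_type):
    """URIs of services advertising service_type, most preferred first."""
    return [u for types, uris in list_services(xrds_text)
            if service_type in types for u in uris]
```

A consumer that only understands OpenID authentication asks `endpoints_for` for the auth type and ignores every `Service` whose `Type` it does not recognise.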



