[OpenID] Dumb Question: Why isn't http://xri.net/=bobwyman anOpenID?

Recordon, David drecordon at verisign.com
Thu Jan 4 04:55:28 UTC 2007

My guess is that when a normal HTTP fetch is performed against
http://xri.net/=bobwyman, the proxy resolver expects you to be in a
browser and thus issues a 302 Redirect to your contact page.

One option is if the iBrokers (is it iBroker or i-broker?) included
Yadis on each contact page.  This would mean the OpenID Relying Party
would fetch http://xri.net/=bobwyman, be redirected to
http://2idi.com/contact/=bobwyman, and then have that URL to perform
discovery.  The problem this presents is that the Relying Party follows
redirects and canonicalizes the final URL as the Claimed Identifier.
This thus means you'd no longer be making a claim about
http://xri.net/=bobwyman, but rather that you own
http://2idi.com/contact/=bobwyman.  Thus if you change iBrokers, this
assertion would no longer remain valid.  It also removes the protection
the iNumber (and CanonicalID tag) adds to the XRI Resolution process
since i-names can be reassigned.

I'm unsure if there is some trickery that could be done in the Yadis
discovery document to resolve this, though really what I think would end
up is you would enter http://xri.net/=bobwyman to start the discovery
process, but then end up making an assertion about =bobwyman and not the
URL version of it.

Someone correct me here if my logic is wrong.



From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Bob Wyman
Sent: Wednesday, January 03, 2007 8:44 PM
To: openid-general
Subject: [OpenID] Dumb Question: Why isn't http://xri.net/=bobwyman

My apologies if this is a really dumb question...
Why is it that I can do OpenID authentication with either of =bobwyman
or xri://=bobwyman but, according to the OpenIDEnabled checkup
_url=http%253A%252F%252Fxri.net%252F%253Dbobwyman>  page,
http://xri.net/=bobwyman is not a working OpenID?
bob wyman

More information about the general mailing list