[OpenID] The delegation story in OpenID 2.0
mart at degeneration.co.uk
Fri Jan 19 08:06:11 UTC 2007

Dmitry Shechtman wrote:
> Although it doesn't seem like TOTAL nonsense, I find this justification
> somewhat questionable.
> If Joe Blogger is an OP, his OpenID server should have XRDS. If he is
> delegating, he should follow the OP's instructions, which would probably
> include remote XRDS (in addition to the good old openid links).
> Maybe this belongs in another mailing list (which I am not a member of).

Unfortunately, since the OpenID bindings for XRDS don't *require* the
"OP-local identifier" (formerly known as openid:Delegate) to be
specified in all OpenID Service elements, most providers aren't going to
include it in *their own* XRDS documents and so they will be unsuitable
for linking from off-site.

However, I agree with you that in the ideal case you'd just do (for example)
...and it would already have inside it the necessary delegate information.

The problem is that even if OpenID's Service element *did* have a
mandatory OP-local identifier, other services declared in the XRDS file
likely would not, so you'd be declaring services on your blog but the
endpoint wouldn't recognise your blog as a valid identifier. Therefore
you must either limit the provider's XRDS file to contain only services
that support delegation in some sense, or write your own XRDS file *in
addition* to your provider's which includes only OpenID and other
services which support delegation.
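
The check this message implies, as an added example that is not part of the original post: a Python audit that reads an XRDS document and reports which Service elements name an OP-local identifier, and so whether the file could be linked from another site as-is. The `LocalID` and `openid:Delegate` element names and the signon Type URIs come from the published OpenID 1.1 and 2.0 specifications rather than from this thread; the sample document, its hosts and the gallery service type are constructed.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"              # XRD 2.0 namespace
OPENID1 = "{http://openid.net/xmlns/1.0}"  # namespace of openid:Delegate
OPENID_TYPES = {
    "http://specs.openid.net/auth/2.0/signon",
    "http://openid.net/signon/1.1",
}

# Constructed sample: a provider's own XRDS, as a blog might link to it.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example/server</URI>
      <LocalID>https://joe.op.example/</LocalID>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://op.example/server</URI>
    </Service>
    <Service>
      <Type>http://photos.example/ns/gallery</Type>
      <URI>https://op.example/gallery</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def child_text(svc, tag):
    return [c.text.strip() for c in svc if c.tag == tag and c.text]

def audit_services(xrds_text):
    """Classify each Service by whether it names an OP-local identifier."""
    report = []
    for svc in ET.fromstring(xrds_text).iter(XRD + "Service"):
        types = child_text(svc, XRD + "Type")
        local = child_text(svc, XRD + "LocalID") + child_text(svc, OPENID1 + "Delegate")
        if local:
            status = "delegates to " + local[0]
        elif OPENID_TYPES.intersection(types):
            status = "openid, no OP-local identifier"
        else:
            status = "other service, no delegation info"
        report.append((types[0] if types else "", status))
    return report

def safe_to_link_offsite(xrds_text):
    """True only if every declared service carries an OP-local identifier."""
    return all(s.startswith("delegates") for _, s in audit_services(xrds_text))
```

On the sample, only the first Service carries an OP-local identifier, so `safe_to_link_offsite` returns `False`: the 1.1 signon entry and the gallery entry are the two cases the message describes.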