[OpenID] Verisign Seatbelt "vs" ClaimOP/RP -- OpenID notsoopenanymore?

[Martin Atkins]

Recordon, David wrote:
> Hey Peter,
> The SeatBelt is a FireFox extension designed to help with convenience
> and phishing concerns around using OpenID.  It makes no changes to any
> of the OpenID protocols.  The only "protocol" it uses is a discovery
> convention (just like RSS or ATOM auto-discovery) where an OpenID
> Provider marks-up a link rel tag pointing to an XML configuration file
> for the extension.  This provides the ability for the extension to work
> with new providers without requiring any changes or certification
> process from VeriSign.  As part of this configuration, the provider
> exposes an HTTPS endpoint which returns an XML document about the
> current logged in user (or that there isn't anyone logged in).
> 
> Just to restate this, we're not doing *anything* which changes the
> OpenID protocol(s).
> 

Now (before Seatbelt or any of its competitors get too entrenched) is 
probably a good time to agree on a standard way to specify the 
information that Seatbelt gets from its metadata file so that all of 
these helper plugins can work off the same descriptor and implementors 
aren't burdened by adding a separate metadata file for every released 
plugin.

Doing as an XRDS service seems reasonable to me. Vendor-specific 
extensions can then be added via XML namespaces as normal.