[OpenID] Multiple endpoints in a single XRDS document

Andrew Arnott andrewarnott at gmail.com
Tue Jul 15 05:08:47 UTC 2008


I'm curious how other libraries do (or plan to) handle multiple endpoints in
a single XRDS document.  I see a few considerations, in order:

   1. Enumerate the services in the XRDS-defined priority order
   2. Skip the services that do not expose OpenID endpoints.
   3. Skip the OpenID endpoints with Providers that do not qualify
   (whitelist/blacklist or advertised extension support).
   4. Take the first endpoint that is left after these filters.

But what about the rest of the endpoints listed?  Here are some
possibilities:

   1. Just use the first endpoint and trust it works.
   2. Try each one successively.  That is, the RP should attempt to
   establish an association with each one until it succeeds with one, and then
   redirect the user to that one for authentication.  Redirecting the user to
   an unavailable Provider will result in a dead end failure page and the RP
   will lose the opportunity at this point to try the next endpoint.
   3. A variant on the last, except that in addition to skipping OPs that do
   not respond to association requests, allow the user to "fail" or cancel the
   authentication on the first provider and proceed to the second provider
   listed for another authentication attempt.
   4. Offer the user a list of his/her providers to choose from for
   authentication.

Have thoughts been written already on which of these are best and/or common
in existing libraries?
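
Added example, not part of the original message and not taken from any OpenID library: a Python sketch of the four selection considerations followed by possibility 2 (try each endpoint in turn until an association succeeds). The function names, the `allowed_hosts` allowlist, the `associate` callback standing in for a real association request, and the sample XRDS with its host names are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"xrd": "xri://$xrd*($v*2.0)"}
SIGNON = "http://specs.openid.net/auth/2.0/signon"
OPENID_TYPES = {SIGNON, "http://specs.openid.net/auth/2.0/server",
                "http://openid.net/signon/1.1", "http://openid.net/signon/1.0"}

# Constructed sample; every host name here is a placeholder.
SAMPLE_XRDS = f"""<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>
<Service priority="20"><Type>{SIGNON}</Type><URI>https://op-b.example/ep</URI></Service>
<Service priority="5"><Type>http://other.example/type</Type><URI>https://x.example/</URI></Service>
<Service priority="10"><Type>{SIGNON}</Type><URI>https://op-a.example/ep</URI></Service>
<Service><Type>{SIGNON}</Type><URI>https://op-blocked.example/ep</URI></Service>
</XRD></xrds:XRDS>"""

def _priority(elem):
    # Lower number wins; a missing priority attribute sorts last.
    value = elem.get("priority")
    return int(value) if value is not None else float("inf")

def candidate_endpoints(xrds_text, allowed_hosts):
    """Considerations 1-3: priority order, OpenID services only, allowlisted OPs only."""
    # Assumption: input size is already capped; use a hardened XML parser for untrusted input.
    xrds = ET.fromstring(xrds_text).findall("xrd:XRD", NS)
    found = []
    if not xrds:
        return found
    # Yadis resolution uses the last XRD element in the document.
    for svc in sorted(xrds[-1].findall("xrd:Service", NS), key=_priority):
        types = {(t.text or "").strip() for t in svc.findall("xrd:Type", NS)}
        if not types & OPENID_TYPES:
            continue
        for uri in sorted(svc.findall("xrd:URI", NS), key=_priority):
            url = (uri.text or "").strip()
            if urlsplit(url).hostname in allowed_hosts:
                found.append(url)
    return found

def pick_endpoint(candidates, associate):
    """Possibility 2: return the first candidate whose association attempt succeeds."""
    for url in candidates:
        try:
            if associate(url):  # hypothetical callback performing the association request
                return url
        except OSError:  # unreachable OP: fall through to the next endpoint
            continue
    return None
```

Keeping the full candidate list, rather than only the first entry, is what makes possibilities 3 and 4 available later, since the RP can retry or present the remaining endpoints without repeating discovery.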