[OpenID] typepads interesting service for leaving comments

John Bradley john.bradley at wingaa.com
Wed Aug 26 17:23:32 UTC 2009


Peter,

The xri.net proxy is redirecting the RP's discovery to your default
service via an HTTP 302.  This happens to be your contact page as you
have your XRDS configured.

At that point the RP is doing HTML discovery.
If you look at the HTML of your contact page it contains:
<link rel="openid.server" href="https://authn.freexri.com/authentication/" />
<link rel="openid2.provider" href="https://authn.freexri.com/authentication/" />
<link rel="openid.delegate" href="http://xri.net/@!E459.819D.771.7990!5B62.6F13.7602.5176" />
<link rel="openid2.local_id" href="http://xri.net/@!E459.819D.771.7990!5B62.6F13.7602.5176" />
The RP never sees the XRDS.  You have a simple case of delegation via  
HTML tags.
You could change your contact page to include an X-XRDS-Location or
delegate to someplace else as you like.
Changing your XRDS contact service will let you point to a blog or any
other page with the correct markup to use as an OpenID.   However the
target URL will become your claimed_id.
John B.

On 26-Aug-09, at 12:48 PM, openid-general-request at lists.openid.net  
wrote:

> Date: Wed, 26 Aug 2009 08:18:33 -0700
> From: Peter Williams <pwilliams at rapattoni.com>
> Subject: [OpenID] typepads interesting service for leaving comments;
> 	per synonym delegation of OPs
> To: "openid-general at lists.openid.net"
> 	<openid-general at lists.openid.net>
> Message-ID:
> 	<BFBC0F17A99938458360C863B716FE463DCDF23913 at simmbox01.rapnt.com>
> Content-Type: text/plain; charset="us-ascii"
>
> http://aws.typepad.com/aws/2009/08/introducing-amazon-virtual-private-cloud-vpc.html 
>  has a signin form. Rather than "sign" a comment, you just login to  
> the commenting system (and can logout). Unlike google blogging, you  
> don't need to have/retain a blog-side account.
>
> So, I signed in.
>
> First with home_pw.myopenid.com (using my good ol myopenid account).
>
> Second with http://xri.net/@blog*lockbox (the url form of my good ol  
> XRI from freexri.com).
>
> The really interesting part was the second login.
>
>
> a. The freexri.com OP UX notes the cid, and asks me to confirm
> that this long number is my identity. (I just said yes, like the
> average consumer will). After all, this is all the OP knows about
> me, on the typepad site, by design.
>
>
>
> b. After Openid Auth is all done, the commenting form then
> views me as: contact.freexri.com/contact/@blog*lockbox
> - a URL that presumably folks can use to followup with me about my
> own rant (seeing as the site is a messaging frontend to my (hidden)  
> emailbox).
>
> I'm not real competent enough in XRI and SEP selection parameters to
> know... but I half believe that if I fiddle around with my XRD  
> enough I - the user! - can actually control the URL shown in (b).
>
> We are almost there! This was viable, mainstream and has UCI (vs
> fb-style) features that were generally comprehensible. They gave me
> what I USED TO THINK OPENID WAS ALL ABOUT (a bit of autonomy from  
> providers).
>
> It also revealed a feature that I don't understand. The XRI variant  
> identity WAS SUPPOSED to do delegation to myopenid rather than the  
> XRI server showing its own login page as an OP. And, it USED TO WORK.
>
> When I look at the config of my XRD (at my freexri.com site), I note:
>
> "This i-service [openid] is bound to this specific XRI instead of its
> authority. This means that it will not be shared by synonyms of this  
> XRI."
>
> I'm GUESSING that since the openid consumer focused (per the spec) on
> the XRI cid rather than XRI synonym I used, the rules in my XRD mean  
> that typepad RP does NOT detect that I have delegation armed (for  
> that synonym).
>
>
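
The HTML discovery step described in the reply above, sketched as an added example (it is not part of either message and is not any RP's actual code). The page URL's scheme, the `html_discover` helper and the choice to prefer 2.0 tags over 1.1 tags are assumptions of this sketch; the four link values are the ones quoted in the reply.

```python
from html.parser import HTMLParser

class HeadLinks(HTMLParser):
    """Collect rel -> href for <link> elements found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.links = False, {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()  # tolerate stray whitespace
            for rel in (a.get("rel") or "").lower().split():
                if href:
                    self.links.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def html_discover(final_url, html):
    """final_url is the URL reached after all redirects (here, after the 302)."""
    parser = HeadLinks()
    parser.feed(html)
    links = parser.links
    if "openid2.provider" in links:      # assumption: 2.0 markup is preferred
        version, endpoint = "2.0", links["openid2.provider"]
        local_id = links.get("openid2.local_id")
    elif "openid.server" in links:       # OpenID 1.1 fallback
        version, endpoint = "1.1", links["openid.server"]
        local_id = links.get("openid.delegate")
    else:
        return None                      # page carries no OpenID markup
    return {"version": version, "claimed_id": final_url, "op_endpoint": endpoint,
            "op_local_id": local_id or final_url, "delegated": local_id is not None}

# Constructed sample: the four tags quoted in the message; URL scheme assumed.
SAMPLE_URL = "http://contact.freexri.com/contact/@blog*lockbox"
SAMPLE_HTML = """<html><head><title>Contact</title>
<link rel="openid.server" href="https://authn.freexri.com/authentication/" />
<link rel="openid2.provider" href="https://authn.freexri.com/authentication/" />
<link rel="openid.delegate" href="http://xri.net/@!E459.819D.771.7990!5B62.6F13.7602.5176" />
<link rel="openid2.local_id" href="http://xri.net/@!E459.819D.771.7990!5B62.6F13.7602.5176" />
</head><body></body></html>"""

if __name__ == "__main__":
    for key, value in html_discover(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{key:12} {value}")
```

Running a page's own HTML through a check like this shows which URL an RP will record as the claimed_id and which OP and local identifier the page delegates to.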


