[OpenID] User-editable XRDS files?

Peter Williams pwilliams at rapattoni.com
Fri Feb 6 00:27:37 UTC 2009 

Delegation is surely well defined: the user-controlled act of nominating typically several OPs as assertion providers, with the intended result that the RP binds its user session to the openid/URL from which the vanity XRDS is retrieved vs the claimedId from the assertion issues by the RP's choice of OP (if several are discovered)

Since an XRDS at vidoop is necessarily a public resource, would you have any problem in the user pulling the stream and storing that vidoop-managed user-XRDS now on some Google Site, using and editor to add other service elements (delegating to google OP, say), and now using the Google Sites URL to that stored file as their openid?

Surely, we would see a simple website wizard doing the above in automated fashion!

One thing Ive never been clear on, is raised in this topic, though! If an XRDS delegates to an openid, whose XRDS delegates to an openid, whose XRDS delegates to an openid, whose ... does the discovery library in the RP really walk this chain indefinitely? Even if it loops?


> -----Original Message-----
> From: Sam Alexander [mailto:sam.alexander at vidoop.com]
> Sent: Thursday, February 05, 2009 4:12 PM
> To: Peter Williams
> Cc: Johannes Ernst; OpenID List
> Subject: Re: [OpenID] User-editable XRDS files?
>
> That depends what you mean by delegation.  myVidoop does allow
> delegation to another OP via Service nodes in the myVidoop hosted
> XRDS.  The RP must still perform initial discovery on myVidoop's
> hosted XRDS, though.
>
> As far as I know, there are no OPs who allow users to circumvent
> hosting their user XRDS files on the OP.
>
> Sam Alexander
>
> On Feb 5, 2009, at 11:40 AM, Peter Williams wrote:
>
> > Ive certainly found none.
> >
> > Now, none of them allow any delegation from the OP hosted XRDS files
> > either - that being something one does in the non-OP vanity URL/site
> > case (only).
> >
> > What we need is a openid-foundation hosted wizard tool: acting as
> > RP, pull several user XRDS's files from n OPs, and formulate a
> > vanity XRDS for folks to stuff on their web/file server. It can take
> > as input an existing vanity XRDS, so that it can regenerate the
> > vanity XRDS in the wizard, with amenedments.
> >
> >> -----Original Message-----
> >> From: general-bounces at openid.net [mailto:general-
> >> bounces at openid.net] On
> >> Behalf Of Johannes Ernst
> >> Sent: Thursday, February 05, 2009 11:35 AM
> >> To: OpenID List
> >> Subject: [OpenID] User-editable XRDS files?
> >>
> >> Which OpenID providers do you know of that let users edit their XRDS
> >> files? E.g. to add additional OpenID providers, portable contact
> >> providers etc.?
> >>
> >> I came up empty, so I figured I ask.
> >>
> >> For OpenID providers: why do you / do you not let your users edit
> >> those
> >> files? (Preferably with a nice GUI on top)
> >>
> >> Cheers,
> >>
> >>
> >> Johannes.
> >>
> >>
> >>
> >> Johannes Ernst
> >> NetMesh Inc.
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general

More information about the general mailing list