[OpenID] User-editable XRDS files?

Johannes Ernst jernst+openid.net at netmesh.us
Fri Feb 6 04:34:33 UTC 2009 

I agree that making it easier for the pair (RP, user) to convey which  
IdP is probably higher up in the priority list.

However, many of us have dreamt of the day when I can authenticate at  
some site in a standard way that then discovers interesting services  
that I have chosen to add value for me at that site. For example:
  - which bookmarking service I use
  - where my photos are
  - where my social network is
etc.etc. ... and, as Andy pointed out today, where a site that offers  
such a service can "insert" itself, with my consent, into my XRDS file.

The market for that today is zero. But then, we don't have the  
technology to enable it to be more than zero. What it would be if the  
technology was there is anybody's guess. A bunch of news sites, for  
example, might adopt OpenID for the purposes of making it easier for  
their users to bookmark articles, rather than authentication.

Re access control on XRDS, I think there are several schools of  
thought ;-), one of which is what you are outlining.


On Feb 5, 2009, at 15:36, Breno de Medeiros wrote:

> Is this an interesting problem?
>
> Advanced users can use XRI. Bloggers can use meta-links and other  
> techniques to delegate to various OPs that support delegation. What  
> is the market for user-editable XRDS until other features such as  
> OAuth endpoints for contacts, etc., are fully supported in XRDS?
>
> For regular users, the big problem now is how to detect their OP  
> preferences. If we could assume that we could guess the user's  
> prefered identity and provider in any situation, and we had needs  
> for more advanced XRDS-supported discovery (i.e., beyond their OP  
> choice), then this problem carries with it real-world value.
>
> When that day comes, I think allowing users to edit their XRDSes  
> will not be enough. They will want to have privacy controls about  
> which parts of the XRDS document are visible under what  
> circumstances, possibly controlling this via OAuth tokens.
>
> On Thu, Feb 5, 2009 at 3:05 PM, Peter Williams <pwilliams at rapattoni.com 
> > wrote:
> Of course XRI does all this.
>
> But rather than force folk to  go the XRI path "merely" to get  
> editable XRDS wit delegation entries that are then hosted by site  
> other than a controlling OP, we can have wizards at webapps do the  
> same.
>
> XRI should not be the only source of vanity websites. XRI should  
> mainly sell itself on the portability benefits, not mere vanity XRDS  
> hosting/wizarding.
>
> > -----Original Message-----
> > From: general-bounces at openid.net [mailto:general- 
> bounces at openid.net] On
> > Behalf Of Peter Williams
> > Sent: Thursday, February 05, 2009 11:41 AM
> > To: Johannes Ernst; OpenID List
> > Subject: Re: [OpenID] User-editable XRDS files?
> >
> > Ive certainly found none.
> >
> > Now, none of them allow any delegation from the OP hosted XRDS files
> > either - that being something one does in the non-OP vanity URL/site
> > case (only).
> >
> > What we need is a openid-foundation hosted wizard tool: acting as  
> RP,
> > pull several user XRDS's files from n OPs, and formulate a vanity  
> XRDS
> > for folks to stuff on their web/file server. It can take as input an
> > existing vanity XRDS, so that it can regenerate the vanity XRDS in  
> the
> > wizard, with amenedments.
> >
> > > -----Original Message-----
> > > From: general-bounces at openid.net [mailto:general-bounces at openid.net 
> ]
> > On
> > > Behalf Of Johannes Ernst
> > > Sent: Thursday, February 05, 2009 11:35 AM
> > > To: OpenID List
> > > Subject: [OpenID] User-editable XRDS files?
> > >
> > > Which OpenID providers do you know of that let users edit their  
> XRDS
> > > files? E.g. to add additional OpenID providers, portable contact
> > > providers etc.?
> > >
> > > I came up empty, so I figured I ask.
> > >
> > > For OpenID providers: why do you / do you not let your users edit
> > those
> > > files? (Preferably with a nice GUI on top)
> > >
> > > Cheers,
> > >
> > >
> > > Johannes.
> > >
> > >
> > >
> > > Johannes Ernst
> > > NetMesh Inc.
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
> -- 
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090205/b9e7cf24/attachment-0002.htm>

More information about the general mailing list