[OpenID] HTML-Based Discovery incompatibilities

Andrew Arnott andrewarnott at gmail.com
Thu Jan 8 17:37:45 UTC 2009 

Peter,
I'd say what you're missing is that not all HTML is well-formed XML.  If I
shot all HTML that dotnetopenid downloaded through an XML parser,
dotnetopenid code would look wonderful and perfect... and only 20% of HTML
pages with OpenID tags would even be discoverable because the HTML in the
other 80% is not well-formed.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire


On Thu, Jan 8, 2009 at 9:05 AM, Peter Williams <pwilliams at rapattoni.com>wrote:

>  I'm missing something (big, obviously).
>
>
>
> If DotNetOpenID can delegate to the platform for https, why cannot it
> delegate to the platform for XML:  just treat the HTML as an XML stream, and
> build a DOM tree using .NET libraries?
>
>
>
>
>
>
>
> *From:* general-bounces at openid.net [mailto:general-bounces at openid.net] *On
> Behalf Of *Andrew Arnott
> *Sent:* Thursday, January 08, 2009 8:56 AM
> *To:* Chris Messina
> *Cc:* general at openid.net List
> *Subject:* Re: [OpenID] HTML-Based Discovery incompatibilities
>
>
>
> Chris,
>
>
>
> While you bring up a good issue, and it is a problem with the libraries, I
> would be against building this into the OpenID spec because this is just
> following the HTML spec, as you point out.  There are many more rules in
> HTML that a good RP discovery library should follow (like ignoring commented
> out HTML tags, javascript, etc.), and these rules don't belong in the OpenID
> spec either, IMO.
>
>
>
> FWIW, dotnetopenid is one library that can handle both formats you listed.
>  But I do not claim that it has a full browser-quality HTML parser.  Just
> like every library, I imagine, I had to choose how much time to invest in
> HTML discovery.  Unless there's a decent open-source HTML parser available
> for C#, I don't think any C# openid library will ever have "perfect" html
> discovery by the HTML spec anyway.
>
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - Voltaire
>
>  On Thu, Jan 8, 2009 at 12:58 AM, Chris Messina <chris.messina at gmail.com>
> wrote:
>
> I just read over SS 7.3.3 on HTML-Based Discovery [1], and considering my
> experience today trying to re-delegate my OpenID, I've discovered that this
> section needs to updated a clarified.
>
> It turns out that relying parties are not parsing HTML rel values in a
> standard way. That is, if there is more than one rel value provided for a
> link, some RPs fail, whereas others work fine.
>
> In other words, this:
>
>    <link rel="openid2.provider openid.server" href="
> http://factoryjoe.com/blog/" />
>    <link rel="openid2.local_id openid.delegate" href="
> http://factoryjoe.com/blog/" />
>
> is not the same as this:
>
>    <link rel="openid2.provider" href="
> http://factoryjoe.com/blog/?openid_server=1" />
>    <link rel="openid2.local_id" href="
> http://factoryjoe.com/blog/author/factoryjoe/" />
>    <link rel="openid.server" href="
> http://factoryjoe.com/blog/?openid_server=1" />
>    <link rel="openid.delegate" href="
> http://factoryjoe.com/blog/author/factoryjoe/" />
>
> It's my understanding that the rel attribute should be able to contain
> several values.
>
>
>
> But I can tell you that IntenseDebate, for example, failed when delegation
> was setup using the former code. It only worked when I broke out the two
> links into four.
>
>
>
> I'm not sure if this is an issue with the libraries or what, but I'd like
> to know if other people have experienced this problem, and if we can improve
> the language in the spec to make sure that people understand that they need
> to look for the presence of an element in a rel value -- not that the
> *entire* value is one element.
>
>
>
> Chris
>
> [1] http://openid.net/specs/openid-authentication-2_0.html#html_disco
>
> --
> Chris Messina
> Citizen-Participant &
>  Open Web Advocate-at-Large
>
> factoryjoe.com # diso-project.org
> citizenagency.com # vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090108/dabab263/attachment-0002.htm>

More information about the general mailing list