[OpenID] HTML-Based Discovery incompatibilities

David Recordon drecordon at sixapart.com
Thu Jan 8 19:13:20 UTC 2009


That is assuming that your provider has an easy to find XRDS file for  
you that contains the needed tags to make delegation work.  I also  
like the approach proposed by Tantek last year of having one tag
<link rel="openid.delegate" href="https://daveman692.pip.verisignlabs.com/" />
which would cause the RP to fetch the delegated URL and perform  
discovery on it.  I thus would only need to know the URL that is  
actually my OpenID versus having to do any digging to find a more  
specific discovery URL from my provider and not need to change tags to  
add support for future versions, etc.  The downside is this adds one  
more fetch to make it work.

--David

On Jan 8, 2009, at 8:55 AM, Eran Hammer-Lahav wrote:

> I would like to see HTML-Based discovery removed from the spec  
> completely. There is no reason to have it anymore since you can  
> simply add a link to your XRDS file from HTML and get it all done  
> there in a consistent way.
>
> In my upcoming discovery spec I spell out that resource-consumers  
> must support multiple values in the rel attribute.
>
> EHL
>
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]  
> On Behalf Of Chris Messina
> Sent: Thursday, January 08, 2009 12:59 AM
> To: general at openid.net List
> Subject: [OpenID] HTML-Based Discovery incompatibilities
>
> I just read over § 7.3.3 on HTML-Based Discovery [1], and  
> considering my experience today trying to re-delegate my OpenID,  
> I've discovered that this section needs to be updated and clarified.
>
> It turns out that relying parties are not parsing HTML rel values in  
> a standard way. That is, if there is more than one rel value  
> provided for a link, some RPs fail, whereas others work fine.
>
> In other words, this:
>
>    <link rel="openid2.provider openid.server" href="http://factoryjoe.com/blog/" />
>    <link rel="openid2.local_id openid.delegate" href="http://factoryjoe.com/blog/" />
>
> is not the same as this:
>
>    <link rel="openid2.provider" href="http://factoryjoe.com/blog/?openid_server=1" />
>    <link rel="openid2.local_id" href="http://factoryjoe.com/blog/author/factoryjoe/" />
>    <link rel="openid.server" href="http://factoryjoe.com/blog/?openid_server=1" />
>    <link rel="openid.delegate" href="http://factoryjoe.com/blog/author/factoryjoe/" />
>
> It's my understanding that the rel attribute should be able to  
> contain several values.
>
> But I can tell you that IntenseDebate, for example, failed when  
> delegation was set up using the former code. It only worked when I  
> broke out the two links into four.
>
> I'm not sure if this is an issue with the libraries or what, but I'd  
> like to know if other people have experienced this problem, and if  
> we can improve the language in the spec to make sure that people  
> understand that they need to look for the presence of an element in  
> a rel value -- not that the *entire* value is one element.
>
> Chris
>
> [1] http://openid.net/specs/openid-authentication-2_0.html#html_disco
>
> -- 
> Chris Messina
> Citizen-Participant &
>  Open Web Advocate-at-Large
>
> factoryjoe.com # diso-project.org
> citizenagency.com # vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
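
The parsing difference discussed in this thread, as an added example that is not part of the original messages or of any OpenID library: relying-party HTML discovery that matches individual rel tokens, next to the whole-value comparison that fails on combined rel values. The function and class names are hypothetical, the sample document is constructed from the markup quoted above, and keeping the first match per rel name is an assumption.

```python
from html.parser import HTMLParser

# rel names used by HTML-based discovery (OpenID 2.0 and 1.1 compatibility).
OPENID_RELS = {"openid2.provider", "openid2.local_id",
               "openid.server", "openid.delegate"}

# Constructed sample: the two-link form quoted in the thread.
COMBINED = """<html><head>
<link rel="openid2.provider openid.server" href="http://factoryjoe.com/blog/" />
<link rel="openid2.local_id openid.delegate" href="http://factoryjoe.com/blog/" />
</head><body></body></html>"""

class LinkCollector(HTMLParser):
    """Collect (rel, href) pairs from <link> elements inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            if a.get("rel") and a.get("href"):
                self.links.append((a["rel"], a["href"]))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def collect_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links

def discover_tokenized(html):
    """Treat rel as a whitespace-separated, case-insensitive token list."""
    found = {}
    for rel, href in collect_links(html):
        for token in rel.lower().split():
            if token in OPENID_RELS:
                found.setdefault(token, href)  # assumption: first match wins
    return found

def discover_whole_value(html):
    """Failing behaviour from the thread: compare the entire rel value."""
    return {r: h for r, h in collect_links(html) if r in OPENID_RELS}
```

On `COMBINED`, `discover_tokenized` returns all four rel names while `discover_whole_value` returns nothing, which matches the behaviour reported for the two-link form.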
