[OpenID] OpenID Discovery for Email like identifiers - Draft 0.1

Andrew Arnott andrewarnott at gmail.com
Thu Jun 4 22:51:24 UTC 2009 

LOL.  I just solved the email discovery to XRD problem:

Auto responders.

I log in with andrew at myemail.com, the RP sends an email to that address with
a special subject line.  I have an email auto-responder set up so that when
it sees that subject line it auto-replies with the XRD file.  Woot.

Ok, so if you haven't figured it out I'm semi-kidding here.  SMTP is a store
and forward type protocol and logging in this way would take an
indeterministic amount of time for emails to bounce around. Still, it would
make for a very interesting proof of concept demonstration. :)

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Thu, Jun 4, 2009 at 1:21 PM, Peter Williams <pwilliams at rapattoni.com>wrote:

> There is no open discovery protocol. There is simply use of 2 externally
> defined protocols (yadis and xri resolution).
>
> As it stands, openid auth spec constrains ane canonicalizes c the allowed
> inputs to those protocols, when used.
>
> Are you guys also proposing that an op might discover an rp realm xrd, from
> a rp identified in openid auth that is not either an http/s scheme url or an
> xri?
>
> Will it be mandatory for op to support webfinger, if the rp realm chooses
> to so identify itself?
>
> Why this one and not all the others such as gc and ldap? (apart from, its
> in the news today)
>
> ________________________________
> From: David Fuelling <sappenin at gmail.com>
> Sent: Thursday, June 04, 2009 1:06 PM
> To: Santosh Rajan <santrajan at gmail.com>
> Cc: general at openid.net <general at openid.net>
> Subject: Re: [OpenID] OpenID Discovery for Email like identifiers - Draft
> 0.1
>
> P.S. -- Just to clarify, I don't speak for the WebFinger folks and have
> only been lurking on that list.
>
> On Thu, Jun 4, 2009 at 7:23 PM, David Fuelling <sappenin at gmail.com<mailto:
> sappenin at gmail.com>> wrote:
> Replies inline...
>
> On Thu, Jun 4, 2009 at 5:10 AM, Santosh Rajan <santrajan at gmail.com<mailto:
> santrajan at gmail.com>> wrote:
> The way I see it we are the "end-users" for webfinger and XRD. Their
> objective will be to cater to the our requirements and others like us. We
> need not wait for them to get on with our work. Actually they can use our
> feedback to refine and fine tune their work.
>
> With regard to webfinger, that spec needs to be "specified" before we can
> use it in OpenID 2.1.  My thinking is that it would be helpful to start
> formalizing webfinger since in the OpenID 2.1 spec, there will probably just
> be a single sentence or two saying, "email-like identifiers are supported in
> OpenID discovery by using the webfinger protocol".
>
> From a specification development perspective, I'm not sure there's a lot
> more we need to do on the OpenID side when it comes to email identifiers,
> except resolve any issues relating to IPR.  Do you agree?
>
> That said, how do we resolve the IPR issues surrounding webfinger
> (basically, all the points Chris Messina mentioned in his previous message).
>  To me this hinges on the webfinger folks picking some sort of formalized
> standards process to work in, so that OpenID can use it properly.
>
> If you look at XRD, that's moving forward inside of OASIS.  OAuth is moving
> forward inside of IETF.  There's the OWF, but I'm not sure if they're ready
> to "house" a spec just yet.  And lastly, there's the OpenID Foundation
> (though admitedly this seems like an odd place to house webfinger).
>
> So I think we should form a working group of people like you, who have
> already worked on this, and others who may want to work on this.
>
> But I also agree with Chris's view that we don't need more working groups
> and need to fold this into 2.1.
>
> +1.  I don't think OpenID 2.1 Discovery needs its own working group,
> because I can see that section being only 2 sentences (I'm oversimplifying,
> but you get the idea):
>
>  1.  OpenID discovery can be used on any identifier that is discoverable
> via XRD.
>  2.  Email-like identifier discovery should use webfinger.
>
> The only two reasons i can think of for the need of a separate working
> group
> is to maintain momentum, and to have a group people solely focussed on
> discovery part of 2.1.
>
> I think the people focusing on Discovery are already alive and kicking in
> the XRD TC.  They're going to solve Discovery in a general sort of way,
> allowing OpenID to utilize it in a specific manner.  In essence, the XRD
> folks are doing most of the work already.
>
> Moving forward, we need to figure out how OpenID 2.1 is going to be able to
> use WebFinger.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090604/6036c892/attachment.htm>

More information about the general mailing list