[OpenID] metadata/annotations in the primary key

Drummond Reed drummond.reed at cordance.net
Wed Jun 24 23:51:37 UTC 2009



> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Peter Williams
> Sent: Wednesday, June 24, 2009 4:24 PM
> To: general at openid.net
> Subject: [OpenID] metadata/annotations in the primary key
> 
> we typically say that a good RP would use the validated localid as its
> primary key, especially in the delegation flows.
> 
> If the OP-managed XRD resolved using openid.identity has a localid with an
> undecorated/un-annotated persistent XRI, and the XRD at the vanity URL of
> the user has a decorated/annotated XRI, and the 2 sequences of these XRIs
> persistent id segments are otherwise identical, which one acts as the
> primary key?
> 
> Is there an assumption that the RP should be using the canonical form of
> the (persistent) identifier?
> 
> for example, in the XRD at my vanity URL, I'm annotating the persistent
> XRI present in my own OP SEP's localid field with identifier-metadata
> - in my own extension namespace. Having declared my own metadata
> field/syntax/type, I attach 2 public key values. (I'm tempted to simply
> attach a cert, in base64!).
> 
> Question is... is the metadata (public keys) now part of the primary key
> at the RP?

Peter, I don't think I understand your question. Based on the claimed
identifier the user gives the RP, any particular OpenID transaction will
only use one of the two XRDs you describe, i.e., either the OP-managed XRD,
or the user's own XRD at their vanity URL.

If the claimed identifier the user gives the RP is a URL, then the claimed
identifier is the final URL after redirects. If the claimed identifier is an
XRI, then the claimed identifier is the CanonicalID from the XRD.

When a LocalID is asserted in an XRD, it is just a temporary key used by the
OP for mapping the user's claimed identifier to the OP's primary key for the
user, and should never be used by the RP for anything else.

That's my understanding.

=Drummond 
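Added illustration (editor's example, not code from this thread or from any OpenID library): the keying rule Drummond describes, written as the discovery step an RP would run. For an XRI, the RP takes the CanonicalID from the final XRD as the claimed identifier and uses the LocalID only as the openid.identity value sent to the OP; any annotation element in a foreign namespace, such as the public keys Peter attaches, is not consulted. For a URL, the claimed identifier is whatever the redirect chain ends at. The XRDS document, the op.example.invalid endpoint, the LocalID value, the ex: annotation namespace and the redirect map are all constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces and service type used by OpenID 2.0 XRDS discovery documents.
XRD_NS = "xri://$xrd*($v*2.0)"
OPENID2_SIGNON = "http://specs.openid.net/auth/2.0/signon"


def _q(tag):
    """Qualify a tag name with the XRD 2.0 namespace for ElementTree lookups."""
    return "{%s}%s" % (XRD_NS, tag)


# Constructed sample XRDS for a vanity i-name, modelled on Peter's scenario:
# the persistent i-number sits in CanonicalID, the OP's own handle for the
# user sits in LocalID, and a made-up extension namespace (ex:) carries
# annotation data that the RP must not treat as part of its key.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
           xmlns:ex="http://example.invalid/annotation">
  <XRD>
    <Query>*example.user</Query>
    <Status code="100"/>
    <CanonicalID>=!1000.a1b2.93d2.8c73</CanonicalID>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.invalid/auth</URI>
      <LocalID>https://op.example.invalid/user/4711</LocalID>
      <ex:Key>CONSTRUCTED-KEY-MATERIAL-1</ex:Key>
      <ex:Key>CONSTRUCTED-KEY-MATERIAL-2</ex:Key>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def rp_identity_from_xrd(xrds_text):
    """Derive what an RP keys on from an XRI's XRDS.

    Returns a dict with the claimed identifier (the CanonicalID), the OP
    endpoint, and the LocalID to pass as openid.identity.  Anything in a
    namespace other than XRD 2.0 is ignored, which is the answer to the
    question in the thread: annotations are not part of the primary key.
    """
    root = ET.fromstring(xrds_text)
    xrds = root.findall(_q("XRD"))
    if not xrds:
        raise ValueError("no XRD element in XRDS")
    xrd = xrds[-1]  # the last XRD is the final resolution result

    canonical = xrd.findtext(_q("CanonicalID"))
    if not canonical or not canonical.strip():
        raise ValueError("XRI XRD without CanonicalID cannot be keyed")
    canonical = canonical.strip()

    # Lowest numeric priority wins; services without one sort last.
    def prio(svc):
        return int(svc.get("priority", "2147483647"))

    for svc in sorted(xrd.findall(_q("Service")), key=prio):
        types = [t.text.strip() for t in svc.findall(_q("Type")) if t.text]
        if OPENID2_SIGNON not in types:
            continue
        endpoint = svc.findtext(_q("URI"))
        if not endpoint:
            continue
        local_id = svc.findtext(_q("LocalID"))
        return {
            "claimed_id": canonical,
            "op_endpoint": endpoint.strip(),
            # LocalID is the OP's mapping handle; absent, the CanonicalID is sent.
            "openid_identity": local_id.strip() if local_id else canonical,
        }
    raise ValueError("no OpenID 2.0 signon service in XRD")


# Constructed redirect map standing in for HTTP 3xx responses during URL discovery.
REDIRECTS = {
    "http://alice.example.invalid/": "https://alice.example.invalid/",
    "https://alice.example.invalid/": "https://alice.example.invalid/id",
}


def claimed_id_from_url(start_url, redirects, max_hops=10):
    """For a URL identifier the claimed identifier is the final URL after redirects."""
    seen = set()
    url = start_url
    while url in redirects:
        if url in seen or len(seen) >= max_hops:
            raise ValueError("redirect loop or too many hops during discovery")
        seen.add(url)
        url = redirects[url]
    return url


if __name__ == "__main__":
    print(rp_identity_from_xrd(SAMPLE_XRDS))
    print(claimed_id_from_url("http://alice.example.invalid/", REDIRECTS))
```

The RP stores and compares claimed_id only; openid_identity is what goes in the authentication request so the OP can find its own record, and it is never used as a key at the RP.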
