[OpenID] user centric delegation vs portability: LRDD : competing threats: the consumer's fear hypothesis

Manger, James H James.H.Manger at team.telstra.com
Wed Oct 28 00:49:07 UTC 2009


John,

> Host-meta doesn't provide the OP.
> It provides a mapping from some identifier to a XRD for that identifier.
> It is the target XRD for the user that specifies the OP.

Thanks for reminding me of the extra layer of indirection.

That does mean a solution where host-meta takes precedence still has some flexibility to handle, say, a different OP for just a few special OpenID URIs on a site.

Host-meta now uses the XRD syntax. It no longer just looks like a mapping from identifiers to the metadata (XRD) for each identifier. It now looks like common metadata (XRD) for a host of identifiers, optionally with a reference to more identifier-specific metadata (XRD).

If host-meta can say: the ‘describedby’ link for all URIs at this host is xyz; why shouldn’t it say the ‘openid2.provider’ link for all URIs at this host is abc? The semantics seem to work, as long as RPs are looking for this relation in host-meta.

A ‘describedby’ link in an XRD looks like an app-layer version of an HTTP redirect: you can have 0, 1, or more of them. [Perhaps an “@import url(…)” statement in a cascading stylesheet is a better analogy, as it also has issues of merging data from various sources.]

I guess a higher layer, like OpenID, might choose to mandate that “there MUST be exactly 1 level of indirection” (i.e. host-meta SHALL specify a ‘describedby’ link, but no ‘openid*’ links; whereas an OpenID identifier’s XRD SHALL NOT include a ‘describedby’ link).

James Manger
James.H.Manger at team.telstra.com
Identity and security team — Chief Technology Office — Telstra
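
The "exactly 1 level of indirection" rule from the message above, sketched as a relying-party check; this is an added example, not part of the original message or of any OpenID library. It assumes the XRD 1.0 namespace and `Link` `rel`/`href`/`template` attributes as later standardised; the `fetch` callable, URLs and sample documents are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted input in production, prefer defusedxml
from urllib.parse import quote

XRD = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"  # XRD 1.0 namespace

class DiscoveryError(Exception):
    """A discovery document violates the one-level-of-indirection policy."""

def links(xrd_xml, identifier):
    """(rel, target) for each Link under the XRD root; templates get {uri} filled in."""
    root = ET.fromstring(xrd_xml)
    if root.tag != XRD + "XRD":
        raise DiscoveryError("not an XRD document")
    out = []
    for link in root.findall(XRD + "Link"):
        target = link.get("href") or link.get("template", "").replace(
            "{uri}", quote(identifier, safe=""))
        out.append((link.get("rel", ""), target))
    return out

def resolve_provider(identifier, host_meta_xml, fetch):
    """Return the OP endpoint; fetch(url) -> XRD text is supplied by the caller."""
    host = links(host_meta_xml, identifier)
    if any(rel.startswith("openid") for rel, _ in host):
        raise DiscoveryError("host-meta must not carry openid* links")
    described = [t for rel, t in host if rel == "describedby" and t]
    if len(described) != 1:
        raise DiscoveryError("host-meta needs exactly one describedby link")
    user = links(fetch(described[0]), identifier)
    if any(rel == "describedby" for rel, _ in user):
        raise DiscoveryError("identifier XRD must not add another describedby hop")
    providers = [t for rel, t in user if rel == "openid2.provider" and t]
    if len(providers) != 1:
        raise DiscoveryError("expected exactly one openid2.provider link")
    return providers[0]

# Constructed sample documents (not from the thread).
NS = 'xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"'
HOST_META = f'<XRD {NS}><Link rel="describedby" template="https://example.org/xrd?uri={{uri}}"/></XRD>'
USER_XRD = f'<XRD {NS}><Link rel="openid2.provider" href="https://op.example.net/auth"/></XRD>'
CHAINED = f'<XRD {NS}><Link rel="describedby" href="https://example.org/more"/></XRD>'
STORE = {"https://example.org/xrd?uri=https%3A%2F%2Fexample.org%2Falice": USER_XRD}

if __name__ == "__main__":
    print(resolve_provider("https://example.org/alice", HOST_META, STORE.__getitem__))
```

Rejecting documents that break the rule, rather than merging links from both layers, sidesteps the precedence question the thread is debating.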
