<HTML dir=ltr><HEAD></HEAD>
<BODY style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV dir=ltr><FONT face=Arial size=2>I was nicely able to use a third party XRI server to control both OP selection and delegation handling to RPs, in trials conducted a few months ago.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV id=idSignature6619 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2><SPAN style="FONT-SIZE: 7.5pt">_________________________<BR></SPAN><B>Peter Williams<BR></B></FONT><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Nate Klingenstein<BR><B>Sent:</B> Fri 5/30/2008 8:02 AM<BR><B>To:</B> Babu.N<BR><B>Cc:</B> general@openid.net<BR><B>Subject:</B> Re: [OpenID] query regarding OP migration<BR></FONT><BR></DIV></DIV></BLOCKQUOTE>
<DIV dir=ltr>I do remember being a little confused by the XRI model as it related to delegation at the time, having said the above.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>I remember applying the "forwarding i-service" of the authoritative XRI provider for my name. As I recall I tried to (1). forward my XRI to another XRI, and (2) forward my XRI to an URL (non-HXRI). In both cases, I was attempting to "configure OpenID2 delegation."</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>In the latter case, the XRI resolver algorithm did seem to implement the YADIS variant of OpenID delegation as one expects - and it emulated the behavior of simple metadata tags in HTML files perfectly. I thus built up, right or wrong, the mental model that the _standard_ "forwarding" i-service _is_ how one i supposed to configure openid delegation in the OpenID2 world. However, I struggled to confirm this finding from theory or authoritative description.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>
<DIV dir=ltr>In the former case, I was expecting the XRI resolver algorithm to cause the XRI server itself to do recursive querying, rather than put the load on the client resolver code. I don't think either happened. As I recall, the particular XRI server was incomplete in it handling, and just bombed. I never really found out if (a) the requirement was improper (b) the OpenID model cannot handle this, (c) client resolver was remiss, (d) the particular HXRI proxy was inadequate, (e) Peter is still just way to ignorant to fully comprehend OpenID2.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>I think I abandoned practical work on XRI before I got to the other half of the equation, using XRI resolution to perform SP discovery. I got sidetracked by building the Shibboleths SP codebase, so it could mint and validate the assertions I would need for XRI's trusted resolution mode (and use Shibboleth's ECP profile to could validate a proposal for applying SSO to profile of http used in US realty that correctly does NOT require the (non-browser) UA to process redirects!)</DIV></DIV></BODY></HTML>