I ran across an OpenId URL endpoint that someone had, that published one XRDS document via its HTTP headers, and a <i>different</i> XRDS doc via its HTML META tags. One doc had the RP discovery information (return_to url), and the other doc had the openid:delegate/LocalId tags in it that delegated authentication to <a href="http://myopenid.com">myopenid.com</a>. I believe that only <i>one</i> doc should be published; nevertheless, I'm curious about how to best deal with the problem since it exists out there...<br>
<br>I noticed that DotNetOpenId (which I develop) reads the first XRDS doc reference it notices and only that doc. The Janrain Python library at <a href="http://openidenabled.com">openidenabled.com</a>, on the other hand, appeared to have either read both docs, or at least successfully found the right doc to get the endpoint information, because it successfully authenticated the user, whereas DotNetOpenId failed to find the endpoint info.<br>
<br>So to wrap up, my questions are these: <br>1. How valid is a <i>two</i> separate XRDS doc scenario?<br>2. What should an RP do to make sure it works in this case for users? Anything? DotnetOpenId sends an Accept-Content HTTP header, and sometimes gets one of the two XRDS docs back immediately instead of the HTML, so we'd have to make TWO requests just to test for the existence of a reference to a second doc if we wanted to rigorously read both.<br>
<br>Suggestions? Ideas?<br clear="all"><br>--<br>Andrew Arnott
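<br><br>The mismatch described in the post can be detected from a single HTML response, since the header reference and the META reference arrive together. The sketch below is an added example, not code from the original post, DotNetOpenId, or the Janrain library; the function names and sample URLs are hypothetical, and the <code>X-XRDS-Location</code> name is taken from the Yadis specification rather than from the post. It assumes the RP received the HTML page rather than an XRDS document.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

XRDS_NAME = "x-xrds-location"  # Yadis header / META http-equiv name (assumed, not on the page)

class _MetaXRDS(HTMLParser):
    """Collects <meta http-equiv="X-XRDS-Location" content="..."> values from <head>."""
    def __init__(self):
        super().__init__()
        self.locations = []
        self._in_head = True  # ignore META elements once <body> has started

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self._in_head = False
        elif tag == "meta" and self._in_head:
            a = {k: (v or "") for k, v in attrs}
            if a.get("http-equiv", "").lower() == XRDS_NAME and a.get("content"):
                self.locations.append(a["content"].strip())

def xrds_locations(url, headers, body):
    """Return (header_location_or_None, [meta_locations]) as absolute URLs."""
    hdr = next((v.strip() for k, v in headers.items() if k.lower() == XRDS_NAME), None)
    parser = _MetaXRDS()
    parser.feed(body)
    return (urljoin(url, hdr) if hdr else None,
            [urljoin(url, m) for m in parser.locations])

def check_discovery(url, headers, body):
    """Classify the response: 'none', 'consistent', or 'conflict' plus the distinct URLs."""
    hdr, metas = xrds_locations(url, headers, body)
    distinct = list(dict.fromkeys(([hdr] if hdr else []) + metas))  # ordered de-dup
    if not distinct:
        return ("none", [])
    return ("consistent" if len(distinct) == 1 else "conflict", distinct)

# Constructed sample: header points at one XRDS doc, META at another.
SAMPLE_URL = "https://id.example/alice"
SAMPLE_HEADERS = {"Content-Type": "text/html",
                  "X-XRDS-Location": "https://id.example/rp.xrds"}
SAMPLE_BODY = ('<html><head><meta http-equiv="X-XRDS-Location" '
               'content="/delegate.xrds"></head><body></body></html>')

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY))
```

An RP that gets <code>conflict</code> back can log both URLs and decide explicitly which document to trust, rather than silently using whichever reference it happened to see first.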