<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Do whatever you want in HTML. Just keep OpenID configuration in
the XRDS document and nowhere else.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>EHL<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Peter Williams
[mailto:pwilliams@rapattoni.com] <br>
<b>Sent:</b> Thursday, January 08, 2009 9:16 AM<br>
<b>To:</b> Eran Hammer-Lahav; Chris Messina; general@openid.net List<br>
<b>Subject:</b> RE: [OpenID] HTML-Based Discovery incompatibilities<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>In HTML supporting vanity openid URLs, users get to add their
copyrights and legal notices (just like the OPs do). Its much harder to do that
in XML, particularly since XRDS which is a highly constrained profile of XML. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Perhaps we can standardize in the XRDS an extension for (vanity)
users to apply: free form extension encapsulating a blob of HTML?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Whatever practice is right for an OP or RP or SP, is right for a
user (in UCI).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>That rule not the case for all multi-party (shared) control
systems, however. It’s not true in public CA trust networks typically (though
CAcert is a notable exception …which typically gets that community
blackballed for being overly-user-centric).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b>On Behalf Of </b>Eran
Hammer-Lahav<br>
<b>Sent:</b> Thursday, January 08, 2009 8:56 AM<br>
<b>To:</b> Chris Messina; general@openid.net List<br>
<b>Subject:</b> Re: [OpenID] HTML-Based Discovery incompatibilities<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I would like to see HTML-Based discovery removed from the spec completely.
There is no reason to have it anymore since you can simply add a link to your
XRDS file from HTML and get it all done there in a consistent way.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>In my upcoming discovery spec I spell out that
resource-consumers must support multiple values in the rel attribute.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>EHL<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b>On Behalf Of </b>Chris
Messina<br>
<b>Sent:</b> Thursday, January 08, 2009 12:59 AM<br>
<b>To:</b> general@openid.net List<br>
<b>Subject:</b> [OpenID] HTML-Based Discovery incompatibilities<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I just read over SS 7.3.3 on HTML-Based Discovery [1], and
considering my experience today trying to re-delegate my OpenID, I've
discovered that this section needs to updated a clarified.<br>
<br>
It turns out that relying parties are not parsing HTML rel values in a standard
way. That is, if there is more than one rel value provided for a link, some RPs
fail, whereas others work fine.<br>
<br>
In other words, this:<br>
<br>
<link rel="<span class=apple-style-span><span
style='background:#FFFF33'>openid2.provider openid.server</span></span>"
href="<a href="http://factoryjoe.com/blog/">http://factoryjoe.com/blog/</a>"
/><br>
<link rel="<span class=apple-style-span><span
style='background:#FFFF33'>openid2.local_id openid.delegate</span></span>"
href="<a href="http://factoryjoe.com/blog/">http://factoryjoe.com/blog/</a>"
/><br>
<br>
is not the same as this:<br>
<br>
<link rel="<span class=apple-style-span><span
style='background:#FFFF33'>openid2.provider</span></span>" href="<a
href="http://factoryjoe.com/blog/?openid_server=1">http://factoryjoe.com/blog/?openid_server=1</a>"
/><br>
<link rel="<span class=apple-style-span><span
style='background:#FFFF33'>openid2.local_id</span></span>" href="<a
href="http://factoryjoe.com/blog/author/factoryjoe/">http://factoryjoe.com/blog/author/factoryjoe/</a>"
/><br>
<link rel="<span class=apple-style-span><span
style='background:#FFFF33'>openid.server</span></span>" href="<a
href="http://factoryjoe.com/blog/?openid_server=1">http://factoryjoe.com/blog/?openid_server=1</a>"
/><br>
<link rel="<span class=apple-style-span><span
style='background:#FFFF33'>openid.delegate</span></span>" href="<a
href="http://factoryjoe.com/blog/author/factoryjoe/">http://factoryjoe.com/blog/author/factoryjoe/</a>"
/><br>
<br>
It's my understanding that the rel attribute should be able to contain several
values.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>But I can tell you that IntenseDebate, for example, failed
when delegation was setup using the former code. It only worked when I broke
out the two links into four.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I'm not sure if this is an issue with the libraries or what,
but I'd like to know if other people have experienced this problem, and if we
can improve the language in the spec to make sure that people understand that
they need to look for the presence of an element in a rel value -- not that the
*entire* value is one element.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Chris<br>
<br>
[1] <a
href="http://openid.net/specs/openid-authentication-2_0.html#html_disco">http://openid.net/specs/openid-authentication-2_0.html#html_disco</a><br>
<br>
-- <br>
Chris Messina<br>
Citizen-Participant &<br>
Open Web Advocate-at-Large<br>
<br>
<a href="http://factoryjoe.com">factoryjoe.com</a> # <a
href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a
href="http://vidoop.com">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ]
private<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>