<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>As far as I know, the ONLY way for a user to require the user-interaction
with the OP to be over SSL is to exploit delegation (to the OP's https
endpoint). An RP redirecting the browser to other than the exact OP endpoint
indicated by the (delegating) user is non-conforming, surely?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I do agree that HTML meta tags are a pretty good fallback to XRDS,
since openid2 discovery agents are REQUIRED to support openid1-era metadata
(albeit with modern tags).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>At the same time, a wizard for making an XRDS file showcasing
the several delegations to your several OPs (where your several openids are the
inputs, initially) doesn't seem exactly that hard to do! I'm
somewhat amazed no one has done it. Sounds like a day's project for a
competent programmer (which excludes me). Stuffing the resulting file into your
Google Site is the next step... using the pointer to the resource on Google
Site then makes you your vanity OpenID, surely?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
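<p class=MsoNormal>The vanity-XRDS wizard described above, as an added example (not code from the thread's participants or from any OpenID project): it builds an XRDS with one OpenID 2.0 Service entry per delegation, refuses OP endpoints that are not https, and reads the entries back in priority order. The OP URLs, identifiers and function names are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRDS_NS = "xri://$xrds"
XRD_NS = "xri://$xrd*($v*2.0)"
SIGNON = "http://specs.openid.net/auth/2.0/signon"  # OpenID 2.0 service type
ET.register_namespace("xrds", XRDS_NS)
ET.register_namespace("", XRD_NS)

# Constructed sample input: two hypothetical OPs and the user's identifier at each.
SAMPLE = [("https://op-one.example/server", "https://alice.op-one.example/"),
          ("https://op-two.example/auth", "https://op-two.example/user/alice")]


def q(tag):
    """Qualify an element name with the XRD namespace."""
    return "{%s}%s" % (XRD_NS, tag)


def is_https_endpoint(url):
    """True only for an absolute https URL with a host part."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def build_vanity_xrds(delegations):
    """delegations: ordered (op_endpoint, local_id) pairs, most preferred first."""
    if not delegations:
        raise ValueError("at least one delegation is required")
    root = ET.Element("{%s}XRDS" % XRDS_NS)
    xrd = ET.SubElement(root, q("XRD"))
    for priority, (endpoint, local_id) in enumerate(delegations):
        if not is_https_endpoint(endpoint):
            raise ValueError("OP endpoint must be https: %r" % endpoint)
        # Lower priority value means more preferred.
        svc = ET.SubElement(xrd, q("Service"), {"priority": str(priority)})
        ET.SubElement(svc, q("Type")).text = SIGNON
        ET.SubElement(svc, q("URI")).text = endpoint
        ET.SubElement(svc, q("LocalID")).text = local_id
    return ET.tostring(root, encoding="unicode")


def read_delegations(xrds_text):
    """Return [(priority, op_endpoint, local_id)] sorted by priority.
    Used here on our own output; XRDS fetched from elsewhere needs a hardened parser."""
    root = ET.fromstring(xrds_text)
    found = [(int(s.get("priority", "0")), s.findtext(q("URI")), s.findtext(q("LocalID")))
             for s in root.iter(q("Service")) if s.findtext(q("Type")) == SIGNON]
    return sorted(found)
```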
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Breno de Medeiros
[mailto:breno@google.com] <br>
<b>Sent:</b> Thursday, February 05, 2009 3:37 PM<br>
<b>To:</b> Peter Williams<br>
<b>Cc:</b> Johannes Ernst; OpenID List<br>
<b>Subject:</b> Re: [OpenID] User-editable XRDS files?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Is this an interesting problem?<br>
<br>
Advanced users can use XRI. Bloggers can use meta-links and other techniques to
delegate to various OPs that support delegation. What is the market for
user-editable XRDS until other features such as OAuth endpoints for contacts,
etc., are fully supported in XRDS?<br>
<br>
For regular users, the big problem now is how to detect their OP preferences.
If we could assume that we could guess the user's preferred identity and
provider in any situation, and we had needs for more advanced XRDS-supported
discovery (i.e., beyond their OP choice), then this problem carries with it
real-world value.<br>
<br>
When that day comes, I think allowing users to edit their XRDSes will not be
enough. They will want to have privacy controls about which parts of the XRDS
document are visible under what circumstances, possibly controlling this via
OAuth tokens.<o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Feb 5, 2009 at 3:05 PM, Peter Williams &lt;<a
href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>&gt; wrote:<o:p></o:p></p>
<p class=MsoNormal>Of course XRI does all this.<br>
<br>
But rather than force folk to go the XRI path "merely" to get
editable XRDS with delegation entries that are then hosted by site other than a
controlling OP, we can have wizards at webapps do the same.<br>
<br>
XRI should not be the only source of vanity websites. XRI should mainly sell
itself on the portability benefits, not mere vanity XRDS hosting/wizarding.<o:p></o:p></p>
<div>
<p class=MsoNormal><br>
> -----Original Message-----<br>
> From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>
[mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>]
On<o:p></o:p></p>
</div>
<div>
<div>
<p class=MsoNormal>> Behalf Of Peter Williams<br>
> Sent: Thursday, February 05, 2009 11:41 AM<br>
> To: Johannes Ernst; OpenID List<br>
> Subject: Re: [OpenID] User-editable XRDS files?<br>
><br>
> I've certainly found none.<br>
><br>
> Now, none of them allow any delegation from the OP hosted XRDS files<br>
> either - that being something one does in the non-OP vanity URL/site<br>
> case (only).<br>
><br>
> What we need is an openid-foundation hosted wizard tool: acting as RP,<br>
> pull several user XRDS's files from n OPs, and formulate a vanity XRDS<br>
> for folks to stuff on their web/file server. It can take as input an<br>
> existing vanity XRDS, so that it can regenerate the vanity XRDS in the<br>
> wizard, with amendments.<br>
><br>
> > -----Original Message-----<br>
> > From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>
[mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>]<br>
> On<br>
> > Behalf Of Johannes Ernst<br>
> > Sent: Thursday, February 05, 2009 11:35 AM<br>
> > To: OpenID List<br>
> > Subject: [OpenID] User-editable XRDS files?<br>
> ><br>
> > Which OpenID providers do you know of that let users edit their XRDS<br>
> > files? E.g. to add additional OpenID providers, portable contact<br>
> > providers etc.?<br>
> ><br>
> > I came up empty, so I figured I ask.<br>
> ><br>
> > For OpenID providers: why do you / do you not let your users edit<br>
> those<br>
> > files? (Preferably with a nice GUI on top)<br>
> ><br>
> > Cheers,<br>
> ><br>
> ><br>
> > Johannes.<br>
> ><br>
> ><br>
> ><br>
> > Johannes Ernst<br>
> > NetMesh Inc.<br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
--Breno<br>
<br>
+1 (650) 214-1007 desk<br>
+1 (408) 212-0135 (Grand Central)<br>
MTV-41-3 : 383-A <br>
PST (GMT-8) / PDT(GMT-7)<o:p></o:p></p>
</div>
</div>
</body>
</html>