<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>I agree that making it easier for the pair (RP, user) to convey which IdP is probably higher up in the priority list.</div><div><br></div><div>However, many of us have dreamt of the day when I can authenticate at some site in a standard way that then discovers interesting services that I have chosen to add value for me at that site. For example:</div><div> - which bookmarking service I use</div><div> - where my photos are</div><div> - where my social network is</div><div>etc.etc. ... and, as Andy pointed out today, where a site that offers such a service can "insert" itself, with my consent, into my XRDS file.</div><div><br></div><div>The market for that today is zero. But then, we don't have the technology to enable it to be more than zero. What it would be if the technology was there is anybody's guess. A bunch of news sites, for example, might adopt OpenID for the purposes of making it easier for their users to bookmark articles, rather than authentication. </div><div><br></div><div>Re access control on XRDS, I think there are several schools of thought ;-), one of which is what you are outlining.</div><div><br></div><div><br></div><div>On Feb 5, 2009, at 15:36, Breno de Medeiros wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Is this an interesting problem?<br><br>Advanced users can use XRI. Bloggers can use meta-links and other techniques to delegate to various OPs that support delegation. What is the market for user-editable XRDS until other features such as OAuth endpoints for contacts, etc., are fully supported in XRDS?<br> <br>For regular users, the big problem now is how to detect their OP preferences. If we could assume that we could guess the user's prefered identity and provider in any situation, and we had needs for more advanced XRDS-supported discovery (i.e., beyond their OP choice), then this problem carries with it real-world value.<br> <br>When that day comes, I think allowing users to edit their XRDSes will not be enough. They will want to have privacy controls about which parts of the XRDS document are visible under what circumstances, possibly controlling this via OAuth tokens.<br> <br><div class="gmail_quote">On Thu, Feb 5, 2009 at 3:05 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Of course XRI does all this.<br> <br> But rather than force folk to go the XRI path "merely" to get editable XRDS wit delegation entries that are then hosted by site other than a controlling OP, we can have wizards at webapps do the same.<br> <br> XRI should not be the only source of vanity websites. XRI should mainly sell itself on the portability benefits, not mere vanity XRDS hosting/wizarding.<br> <div class="Ih2E3d"><br> > -----Original Message-----<br> > From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>] On<br> </div><div><div></div><div class="Wj3C7c">> Behalf Of Peter Williams<br> > Sent: Thursday, February 05, 2009 11:41 AM<br> > To: Johannes Ernst; OpenID List<br> > Subject: Re: [OpenID] User-editable XRDS files?<br> ><br> > Ive certainly found none.<br> ><br> > Now, none of them allow any delegation from the OP hosted XRDS files<br> > either - that being something one does in the non-OP vanity URL/site<br> > case (only).<br> ><br> > What we need is a openid-foundation hosted wizard tool: acting as RP,<br> > pull several user XRDS's files from n OPs, and formulate a vanity XRDS<br> > for folks to stuff on their web/file server. It can take as input an<br> > existing vanity XRDS, so that it can regenerate the vanity XRDS in the<br> > wizard, with amenedments.<br> ><br> > > -----Original Message-----<br> > > From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>]<br> > On<br> > > Behalf Of Johannes Ernst<br> > > Sent: Thursday, February 05, 2009 11:35 AM<br> > > To: OpenID List<br> > > Subject: [OpenID] User-editable XRDS files?<br> > ><br> > > Which OpenID providers do you know of that let users edit their XRDS<br> > > files? E.g. to add additional OpenID providers, portable contact<br> > > providers etc.?<br> > ><br> > > I came up empty, so I figured I ask.<br> > ><br> > > For OpenID providers: why do you / do you not let your users edit<br> > those<br> > > files? (Preferably with a nice GUI on top)<br> > ><br> > > Cheers,<br> > ><br> > ><br> > > Johannes.<br> > ><br> > ><br> > ><br> > > Johannes Ernst<br> > > NetMesh Inc.<br> ><br> > _______________________________________________<br> > general mailing list<br> > <a href="mailto:general@openid.net">general@openid.net</a><br> > <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br> _______________________________________________<br> general mailing list<br> <a href="mailto:general@openid.net">general@openid.net</a><br> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br> </div></div></blockquote></div><br><br clear="all"><br>-- <br>--Breno<br><br>+1 (650) 214-1007 desk<br>+1 (408) 212-0135 (Grand Central)<br>MTV-41-3 : 383-A <br>PST (GMT-8) / PDT(GMT-7)<br></blockquote></div><br></body></html>