LOL. I just solved the email discovery to XRD problem:<br><br>Auto responders.<br><br>I log in with <a href="mailto:andrew@myemail.com" target="_blank">andrew@myemail.com</a>, the RP sends an email to that address with a special subject line. I have an email auto-responder set up so that when it sees that subject line it auto-replies with the XRD file. Woot.<br>
<br>Ok, so if you haven't figured it out I'm semi-kidding here. SMTP is a store and forward type protocol and logging in this way would take an indeterministic amount of time for emails to bounce around. Still, it would make for a very interesting proof of concept demonstration. :)<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Thu, Jun 4, 2009 at 1:21 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com" target="_blank">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
There is no open discovery protocol. There is simply use of 2 externally defined protocols (yadis and xri resolution).<br>
<br>
As it stands, openid auth spec constrains ane canonicalizes c the allowed inputs to those protocols, when used.<br>
<br>
Are you guys also proposing that an op might discover an rp realm xrd, from a rp identified in openid auth that is not either an http/s scheme url or an xri?<br>
<br>
Will it be mandatory for op to support webfinger, if the rp realm chooses to so identify itself?<br>
<br>
Why this one and not all the others such as gc and ldap? (apart from, its in the news today)<br>
<br>
________________________________<br>
From: David Fuelling <<a href="mailto:sappenin@gmail.com" target="_blank">sappenin@gmail.com</a>><br>
Sent: Thursday, June 04, 2009 1:06 PM<br>
To: Santosh Rajan <<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a>><br>
Cc: <a href="mailto:general@openid.net" target="_blank">general@openid.net</a> <<a href="mailto:general@openid.net" target="_blank">general@openid.net</a>><br>
<div>Subject: Re: [OpenID] OpenID Discovery for Email like identifiers - Draft 0.1<br>
<br>
</div><div>P.S. -- Just to clarify, I don't speak for the WebFinger folks and have only been lurking on that list.<br>
<br>
</div><div>On Thu, Jun 4, 2009 at 7:23 PM, David Fuelling <<a href="mailto:sappenin@gmail.com" target="_blank">sappenin@gmail.com</a><mailto:<a href="mailto:sappenin@gmail.com" target="_blank">sappenin@gmail.com</a>>> wrote:<br>
Replies inline...<br>
<br>
</div><div>On Thu, Jun 4, 2009 at 5:10 AM, Santosh Rajan <<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a><mailto:<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a>>> wrote:<br>
The way I see it we are the "end-users" for webfinger and XRD. Their<br>
objective will be to cater to the our requirements and others like us. We<br>
need not wait for them to get on with our work. Actually they can use our<br>
feedback to refine and fine tune their work.<br>
<br>
With regard to webfinger, that spec needs to be "specified" before we can use it in OpenID 2.1. My thinking is that it would be helpful to start formalizing webfinger since in the OpenID 2.1 spec, there will probably just be a single sentence or two saying, "email-like identifiers are supported in OpenID discovery by using the webfinger protocol".<br>
<br>
>From a specification development perspective, I'm not sure there's a lot more we need to do on the OpenID side when it comes to email identifiers, except resolve any issues relating to IPR. Do you agree?<br>
<br>
That said, how do we resolve the IPR issues surrounding webfinger (basically, all the points Chris Messina mentioned in his previous message). To me this hinges on the webfinger folks picking some sort of formalized standards process to work in, so that OpenID can use it properly.<br>
<br>
If you look at XRD, that's moving forward inside of OASIS. OAuth is moving forward inside of IETF. There's the OWF, but I'm not sure if they're ready to "house" a spec just yet. And lastly, there's the OpenID Foundation (though admitedly this seems like an odd place to house webfinger).<br>
<br>
So I think we should form a working group of people like you, who have<br>
already worked on this, and others who may want to work on this.<br>
<br>
But I also agree with Chris's view that we don't need more working groups<br>
and need to fold this into 2.1.<br>
<br>
+1. I don't think OpenID 2.1 Discovery needs its own working group, because I can see that section being only 2 sentences (I'm oversimplifying, but you get the idea):<br>
<br>
</div> 1. OpenID discovery can be used on any identifier that is discoverable via XRD.<br>
2. Email-like identifier discovery should use webfinger.<br>
<div><br>
The only two reasons i can think of for the need of a separate working group<br>
is to maintain momentum, and to have a group people solely focussed on<br>
discovery part of 2.1.<br>
<br>
I think the people focusing on Discovery are already alive and kicking in the XRD TC. They're going to solve Discovery in a general sort of way, allowing OpenID to utilize it in a specific manner. In essence, the XRD folks are doing most of the work already.<br>
<br>
Moving forward, we need to figure out how OpenID 2.1 is going to be able to use WebFinger.<br>
<br>
</div><div><div></div><div>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>