[PROPOSAL] Separate Public Identifier from IdP Identifier

Martin Atkins mart at degeneration.co.uk
Fri Oct 6 23:59:50 UTC 2006


Kevin Turner wrote:
>>From http://www.lifewiki.net/openid/SeparateIdentifierFromIdPToken
> (change #3):
>> Impact on XRI-based auth:
>>
>> An XRI is, for this purpose, a URI that can be resolved into a URL at
>> which we can do Yadis discovery. Once Yadis discovery begins, flow
>> continues as in the original proposal, where openid:Token can be any
>> URI.
> 
> It's unclear to me whether you intended this to be a change from the
> current specification or not, but it is.  Yadis discovery on URLs
> resolved from XRIs is considered redundant, as there's nothing about
> Yadis discovery that can't be done while resolving the XRI.  Since Yadis
> uses the XRI resolution response format, you even get to use the same
> code.
> 
> So was it your intention to add an extra layer to discovery here, or
> should the above section be reworded?

Sorry. That was sloppy.

I did not intend there to be any change at all. By "Yadis discovery", I 
only meant to say that the RP would look for the relevant service element.

My intention for this proposal has always been to not change anything at 
all beyond terminology, with the exception that openid:Delegate (which 
now has a new name) is required. I only changed it to required to 
reinforce the fact that it is distinct from the public identifier, and 
thus (hopefully) to make the spec easier to understand by removing a 
special case.




More information about the specs mailing list