OpenID Login Page Link Tag

Drummond Reed drummond.reed at cordance.net
Fri Oct 20 04:47:34 UTC 2006 

I initially agreed as well. But to play devil's advocate, the link-to-XRDS
option could actually be pretty efficient. Any HTML page could simply
advertise the availability of its Yadis XRDS file using an XRDS link in the
header. Assuming that many or all of the pages on a site would be covered by
the same XRDS file, the browser would only need to download it once to cover
the entire site. The XRDS would expire (using the same cache control that
XRI resolvers use) and be refreshed as needed.

This is the architecture that P3P used
(http://www.w3.org/TR/P3P/#ref_syntax). 

The XRDS file could provide discovery of multiple services representing the
RP, not just the login page.

=Drummond 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf
Of Recordon, David
Sent: Thursday, October 19, 2006 8:24 PM
To: Chris Drake; Johannes Ernst
Cc: specs at openid.net
Subject: RE: Re[2]: OpenID Login Page Link Tag (was RE: PROPOSAL:
OpenIDFormClarification (A.4))

I think I'd have to agree.  Been thinking about this a lot recently and
the overhead within Yadis seems unreasonable for a browser to perform
against a RP.  Technically the RP could not have anything in the HTML
meaning the browser would have to do Yadis on every page view.

I'd be inclined to use a link tag, at least for the time being, to
discover relying parties.

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Chris Drake
Sent: Thursday, October 19, 2006 10:45 PM
To: Johannes Ernst
Cc: specs at openid.net
Subject: Re[2]: OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID
FormClarification (A.4))

Hi Johannes,

No - Yadis is inappropriate because user agents need to be able to
identify an OpenID login page (and endpoint if possible) *without*
accessing other resources.

Kind Regards,
Chris Drake


Friday, October 20, 2006, 10:33:40 AM, you wrote:

JE> Isn't this a case where the Yadis infrastructure should be used 
JE> instead of Yet Another Link Tag?


JE> On Oct 19, 2006, at 8:21, Drummond Reed wrote:

>> Martin, I agree with Dick, this is a fascinating idea. P3P had the
>> same idea
>> notion for a site advertising the location of the P3P privacy  
>> policy: it
>> defined a standard HTML/XHTML link tag that could be put on any  
>> page of a
>> site that told the browser where to locate the P3P policy document
>> for the
>> site (or for any portion of the site).
>>
>> 	http://www.w3.org/TR/P3P/#ref_syntax
>>
>> Are you proposing the same thing for OpenID login?
>>
>> (Kewl!)
>>
>> =Drummond
>>
>> -----Original Message-----
>> From: specs-bounces at openid.net
>> [mailto:specs-bounces at openid.net] On  
>> Behalf
>> Of Dick Hardt
>> Sent: Thursday, October 19, 2006 12:53 AM
>> To: Martin Atkins
>> Cc: specs at openid.net
>> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)
>>
>>
>> On 19-Oct-06, at 12:35 AM, Martin Atkins wrote:
>>
>>> Dick Hardt wrote:
>>>>
>>>> In order for the RUA to detect that a site supports OpenID, it  
>>>> sees a
>>>> form with a single input with a "name" of openid_identiifier. The
>>>> RUA
>>>> can then look at the action and post the data directly to the RP.
>>>>
>>>
>>> I think it'd be better to implement this as either a META or a LINK
>>> element alongside a standard protocol for communicating with the
>>> nominated URL.
>>>
>>> This way the site can declare on *all pages*, rather than on the
>>> forms-based login page, that it accepts OpenID auth. This allows the
>>> user to go to the RP's home page (or any other page) and click the
>>> "OpenID Login" button on the browser's toolbar and have it work.
>>
>> That is an interesting idea. Would you like to take a stab at more
>> specifics?
>>
>> -- Dick
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs

JE> Johannes Ernst
JE> NetMesh Inc.




_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs

_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs

More information about the specs mailing list