Using XRI Proxy Resolvers in OpenID discovery

Pádraic Brady padraic.brady at yahoo.com
Sat Jul 28 23:53:21 UTC 2007 

Hi Eran,

Not sure I follow what the question is?

Should one use a proxy? Yes. Since it's unlikely any platform will support XRI resolution natively. Should the proxy be used to grab an XRDS document? Yes, if possible, and don't forget about the "Accept: application/xrds+xml" header which a server may use to serve up such a document immediately. Parsing such a document is not necessarily complex though - I found after implementing it in PHP using SimpleXML that it's a lot less complex than the specification would suggest.

I think it's a good idea to grab ALL the XRDS, and not just look for an OpenID 1.1/1.0 sub-element. In the case of failure to locate OpenID 1.1, you then have the full document to see if it's only offering 2.0 (signon/server).

Given you need a full parsing ability, the first option seems to make the most sense. Get as much as possible upfront to avoid any second/third HTTP requests to the User/OP. It's more efficient this way I think - if you are using caching, XRDS lookups shouldn't occur on each and every OpenID authentication process anyway.

Regards,
Pádraic

 
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com


----- Original Message ----
From: Eran Hammer-Lahav <eran at hammer-lahav.net>
To: specs at openid.net
Sent: Saturday, July 28, 2007 6:21:30 PM
Subject: Using XRI Proxy Resolvers in OpenID discovery




 
 

<!--
 _filtered {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
 _filtered {font-family:Tahoma;panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"Calibri", "sans-serif";}
a:link, span.MsoHyperlink
	{color:blue;text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{margin:0in;margin-bottom:.0001pt;font-size:8.0pt;font-family:"Tahoma", "sans-serif";}
span.EmailStyle17
	{font-family:"Calibri", "sans-serif";color:windowtext;}
span.BalloonTextChar
	{font-family:"Tahoma", "sans-serif";}
.MsoChpDefault
	{}
 _filtered {margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
	{}
-->






The specification makes a suggestion (section 7.3 bullet 1)
to use a proxy for XRI resolution instead of implementing the XRI resolution
protocol in the Relaying Party. I am not clear as to what extent can / should the
proxy be used for. For example, it can be used to turn ‘=eran’ into
an XRDS document:
 

  
 

http://xri.net/=eran?_xrd_r=application/xrds+xml
 

  
 

Or it can be used to retrieve an OpenID 1.0 service (BTW,
this does not work at xri.net) and save some effort in parsing an XRDS file:
 

  
 

http://xri.freexri.com/=eran?_xrd_r=application/xrd+xml&_xrd_t=http%3a%2f%2fopenid.net%2fsignon%2f1.0
 

  
 

And last, it can be used to avoid XRI and XRDS altogether
(which I doubt is the intention –but one which might be suggested to RP
not implementing XRI if it is indeed optional):
 

  
 

http://xri.net/=eran
 

  
 

Which will redirect to an HTML page with OpenID tags
(assuming the RP doesn’t implement Yadis either).
 

  
 

However, when using the Yadis, the RP still has to have all
the logic of parsing a full XRDS file which can have multiple XRD elements,
multiple services with priority, and multiple URIs with priority (and append
instructions). Does that mean that proxies should only be used for the first
option?
 

  
 

=eran
 










       
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
http://smallbusiness.yahoo.com/webhosting 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070728/41cdd2cc/attachment-0001.htm>

More information about the specs mailing list