Differentiating between User Identifier and OP Identifier
Johnny Bufu
johnny at sxip.com
Tue Jul 31 03:08:15 UTC 2007
On 28-Jul-07, at 10:00 AM, Eran Hammer-Lahav wrote:
> Section 7.3.1:
>
> "If more than one set of the following information has been discovered, the
> precedence rules defined in [XRI_Resolution_2.0] are to be applied."
>
> This is somewhat confusing when combined with section 7.3.2.2:
>
> "Once the Relying Party has obtained an XRDS document, it MUST first search
> the document (following the rules described in [XRI_Resolution_2.0]) for an
> OP Identifier Element."
It's the same thing, stated in two different places: 7.3 / 7.3.1 are
an overview / introduction of the discovery process, while 7.3.2.2 is
specific to the XRDS discovery.
> My confusion comes from the fact the spec is not clear about what makes a
> valid XRDS document used for OpenID discovery.
Not sure 'valid' is the right term here. If the RP obtains an XRDS,
it may or may not be able to extract an OP Identifier Element or a
Claimed Identifier Element.
If it can't, the RP is required to fall back to HTML discovery.
> In this case, it sounds like
> an XRDS document MUST not include both an OP Endpoint element and a Claimed
> Identifier element.
I don't see this implied anywhere. Do you have a specific pointer or
a clear reasoning for this?
> If it has both, and the Claimed Identifier Service
> Element has a higher priority, what does that mean?
It's the other way around: the OP Identifier Element has higher
priority, so the Claimed Identifier Element doesn't get used in such
a case.
> Remove section 7.3.2.2 and move its content to the end of 7.3.2. It makes a
> better introduction to the two possible elements and their relationship.
It would then use terms that have not been defined / explained yet
(OP Identifier Element / Claimed Identifier Element).
> Section 7.3.2.3 is confusing:
> 1. Does it only apply to XRI identifiers, not to XRDS documents found during
> Yadis discovery?
Yes: "When the identifier is an XRI...".
> 2. It seems to only apply to Claimed Identifier Element - maybe it should
> merge into section 7.3.2.1.2?
Yes, the canonical id is used only when there is a claimed identifier
(an OP Identifier was not discovered).
Not sure moving it would be good - the previous subsections outline
the flow of processing the discovered information. Inserting the
XRI / canonical id special case in the middle of it would make it
harder to read / understand I believe.
> 3. It would be helpful to explain or reference how the RP can confirm the
> authorities listed in the 2nd paragraph. I read a couple of long threads on
> this list regarding this, but did not see a resolution.
The XRI people are still working on it and the details should be
available in the soon-to-be-published draft 12 of the XRI Resolution.
Agree that the XRI Resolution should be referenced from this
paragraph.
> 4. The first line of the third paragraph is not needed.
True, the same MUST is in the second phrase of the first paragraph.
> 5. The section briefly explains the <CanonicalID> tag, but not the
> <ProviderID> tag. A one line context of the <ProviderID> tag would
> help.
> 6. Last line is confusing. Where would a <CanonicalID> come from if using a
> URL identifier? This entire section is under XRDS discovery. Does it refer
> to the URL used in a Yadis discovery (I assume not)?
What made you think a canonical id is needed for URLs? It is not --
for URLs the claimed identifier is determined as described in the
normalization section.
> Section 7.3.2.4 says "...no longer used..." but it is not clear where it was
> used before. The only spec I read prior to this one was the OpenID 1.1
> which does not make use of XRDS documents.
True, however there are OpenID 1.1 deployments that use Yadis / XRDS.
(The openid namespace was used in Yadis for the delegate element.)
> Move the first paragraph of section 7.3.3 to the end of section 7.3.1. It
> will explain which discovery process is used for each of the possible
> identity types.
This is outlined just before that, in the discovery overview section
- 7.3.
> Also, from "HTML-Based discovery MUST be supported by
> Relying Parties" it sounds like XRDS discovery is not required.
How do you come to this conclusion?
> If this is true, it should be made much clearer and provide
> guidelines of the proper
> reply to the user when the RP only supports HTML discovery.
It's false actually. Following the flow of discovery on the XRDS
path, at 7.3 bullet 2 there is a SHALL (which is the same as REQUIRED).
The statement above is in the HTML discovery section and applies only
to HTML discovery. Not sure how / why you tend to apply or draw
implications about the XRDS discovery from it.
Johnny
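
The selection order discussed in this message (OP Identifier Element first, then Claimed Identifier Element, otherwise fall back to HTML discovery) can be sketched as follows. This is an added example, not part of the original post and not code from the OpenID specification or any library. It assumes the service Type URIs and XRD namespace of the published OpenID 2.0 / XRI Resolution 2.0 specifications (they are not quoted in this thread), and the function name, the sample document and the example.com endpoints are constructed.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"  # assumed: XRD namespace from XRI Resolution 2.0
OP_TYPE = "http://specs.openid.net/auth/2.0/server"       # OP Identifier Element
CLAIMED_TYPE = "http://specs.openid.net/auth/2.0/signon"  # Claimed Identifier Element

def _priority(elem):
    # Lower number wins; an element without a priority attribute sorts last.
    value = elem.get("priority")
    return int(value) if value is not None and value.isdigit() else float("inf")

def select_service(xrds_text):
    """Return (kind, endpoint URI), or None when the RP must fall back to HTML discovery."""
    try:
        root = ET.fromstring(xrds_text)
    except ET.ParseError:
        return None  # what was fetched is not an XRDS document at all
    xrds = root.findall(XRD_NS + "XRD")
    if not xrds:
        return None
    # The last XRD in the document is the final descriptor.
    services = sorted(xrds[-1].findall(XRD_NS + "Service"), key=_priority)
    # Element kind is checked before priority: priority only orders services
    # of the same kind, so an OP Identifier Element always wins.
    for kind, wanted in (("op_identifier", OP_TYPE), ("claimed_identifier", CLAIMED_TYPE)):
        for svc in services:
            types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
            uris = sorted(svc.findall(XRD_NS + "URI"), key=_priority)
            uris = [u.text.strip() for u in uris if u.text and u.text.strip()]
            if wanted in types and uris:
                return kind, uris[0]
    return None

# Constructed sample: the signon service carries the better priority value.
BOTH = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.com/signon</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://op.example.com/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""
```

The XRDS document is fetched from a location the user supplies, so an RP should parse it as untrusted input; a hardened parser such as defusedxml is a common substitute for the standard-library one used here.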