WebFinger at Google

Paul E. Jones paulej at packetizer.com
Tue Mar 23 00:22:51 UTC 2010 

Eran,

 

That's what we're shooting for.  Assuming we're using LRDD, what "rel" value
should one look for in an LRDD XRD document to map a user with a given acct:
URI to an OpenID URI.

 

The LRDD document returned for a given acct: URI might contain a <Link> like
this:

 

<Link  rel='http://openid.net/identity'

       href='http://openid.packetizer.com/paulej'/>

 

Is that what you're thinking, or did you have something else in mind?

 

Paul

 

From: webfinger at googlegroups.com [mailto:webfinger at googlegroups.com] On
Behalf Of Eran Hammer-Lahav
Sent: Monday, March 22, 2010 4:17 PM
To: webfinger at googlegroups.com; John Panzer
Cc: Dirk Balfanz; openid-specs at lists.openid.net
Subject: Re: WebFinger at Google

 

OpenID should just use LRDD which works for http/https/acct URIs. WebFinger
is really just a subset of LRDD.

EHL


On 3/22/10 11:52 AM, "Paul Jones" <paulej at packetizer.com> wrote:

John,

I'd assume RPs will know how to do webfinger, but I don't think we need to
tightly bind the OpenID and webfinger specs.

Can we assume that if a user enters paulej at packetizer.com that the RP might
formulate an acct: URI type and then perform a query for
acct:paulej at packetizer.com?  I think that's a reasonable assumption, since
that's likely going to be the natural way people would expect it to work.

The real question is: what should it be looking for in the XRD document
returned for an acct: URI?

What I'm suggesting is this:

<Link rel='http://openid.net/identity'
      href='http://openid.packetizer.com/paulej'/>

What Google is presently returning is this:

<Link rel='http://specs.openid.net/auth/2.0/provider'
      href='http://openid.packetizer.com/paulej'/>

I suppose it's six of one or half a dozen of another.  However, the latter
seems to suggest it's not the user's identity URL, but rather a pointer to
the provider.  But, I think the intent is return the user's OpenID ID in
that href, right?

So, what value should we use for the link relation?

Paul

> -----Original Message-----
> From: John Panzer [mailto:jpanzer at google.com]
> Sent: Monday, March 22, 2010 2:28 PM
> To: Paul E. Jones
> Cc: Dirk Balfanz; openid-specs at lists.openid.net
> Subject: Re: WebFinger at Google
>
> Assuming you want to use the ID the user entered, I think openid rps
> would need to know about acct: at least.
>
> On Monday, March 22, 2010, Paul E. Jones <paulej at packetizer.com> wrote:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Dirk,
> >
> >
> >
> > Thanks for the clarification.  I now understand the reasoning.
> >
> >
> >
> > I would not want to require the OpenID spec to handle acct: URI
> > types, per se, but it would be nice if the OpenID RPs would pre-
> process whatever
> > the user enters and use webfinger to determine the OpenID ID if
> whatever is
> > entered looks like an email address.  Do we need to change the OpenID
> spec
> > to make that happen?  I think these steps could be independent.
> >
> >
> >
> > You've certainly made a valid point for why this ought not
> > be the "signon" URI.  But, is "provider" the right
> > word?  What I really want is to simply map the thing that looks like
> an
> > email address into the OpenID ID.
> >
> >
> >
> > How about this: http://openid.net/identity
> >
> >
> >
> > This would refer to the "claimed ID" (if that's
> > not too confusing with openid.identity).
> >
> >
> >
> > I removed all of the version information, since I assume my
> > OpenID ID would never change from one version of OpenID to another.
> If it
> > did, users would have never-ending frustration with identifiers.  So,
> I
> > think we can assume this will be fixed.
> >
> >
> >
> > So, the XRD document might contain:
> >
> >
> >
> > <Link rel='http://openid.net/identity'
> href='http://openid.packetizer.com/paulej'
> > />
> >
> >
> >
> > I think this is basically the same thing as using "provider",
> > but I think it is clearer that it's not the OpenID provider / server
> /
> > whatever, but merely the user's OpenID ID.  Once this transformation
> > is made, then the normal OpenID RP procedures would be followed to
> find the OP
> > Endpoint URL, as you explained below.
> >
> >
> >
> > In any case, I guess it does not make a lot of difference
> > whether we use:
> >
> > http://openid.net/identity
> >
> > or
> >
> > http://specs.openid.net/auth/2.0/provider
> >
> >
> >
> > But, given this ought to be a constant mapping (acct: URIs to
> > OpenID identity URIs), I prefer the former.
> >
> >
> >
> > Whatever the case, how can we settle on this and set it on stone?
> > I think getting agreement quickly is more important than the
> particular value.
> >
> >
> >
> > Paul
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > From: Dirk Balfanz
> > [mailto:balfanz at google.com]
> > Sent: Monday, March 22, 2010 12:02 PM
> > To: Paul E. Jones
> > Cc: openid-specs at lists.openid.net
> > Subject: Re: WebFinger at Google
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones
> <paulej at packetizer.com> wrote:
> >
> >
> >
> >
> >
> > Folks,
> >
> >
> >
> > Google
> > appears to have Webfinger enabled on some accounts, at least.  You
> can see
> > it with this:
> >
> > curl
> > http://gmail.com/.well-known/host-meta
> >
> >
> >
> > That
> > returns this:
> >
> >
> >
> > <?xml version='1.0'
> > encoding='UTF-8'?>
> >
> > <!-- NOTE: this host-meta
> > end-point is a pre-alpha work in progress.   Don't rely on it. -->
> >
> > <!-- Please follow the
> > list at http://groups.google.com/group/webfinger
> > -->
> >
> > <XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
> >
> >
> >
> > xmlns:hm='http://host-meta.net/xrd/1.0'>
> >
> >   <hm:Host xmlns='http://host-meta.net/xrd/1.0'
<http://host-meta.net/xrd/1.0'%3egmail.com%3c/hm:Host> >gmail.com</hm:Host>
> >
> >   <Link rel='lrdd'
> >
> >
> > template='http://www.google.com/s2/webfinger/?q={uri}'
<http://www.google.com/s2/webfinger/?q=%7buri%7d'> >
> >
> >
> > <Title>Resource Descriptor</Title>
> >
> >   </Link>
> >
> > </XRD>
> >
> >
> >
> > Now,
> > querying the LRDD URL like this:
> >
> > curl
> > http://www.google.com/s2/webfinger/?q=acct:
<http://www.google.com/s2/webfinger/?q=acct:%3cuser%3e@gmail.com>
<user>@gmail.com
> >
> >
> >
> > will
> > return an XRD document, one of whose members is this:
> >
> > <Link
> > rel='http://specs.openid.net/auth/2.0/provider'
> > href='http://www.google.com/profiles/
<http://www.google.com/profiles/%3cuser%3e'/> <user>'/>
> >
> >
> >
> > The
> > href value might vary, but that's what it returned for my account.
> > What concerns me is the link relation value:
> http://specs.openid.net/auth/2.0/provider
> >
> >
> >
> > Where
> > did that come from?  The 2.0 spec defined two possible values:
> >
> > http://specs.openid.net/auth/2.0/server
> >
> > http://specs.openid.net/auth/2.0/signon
> >
> >
> >
> > However,
> > I cannot find the one Google is using defined anywhere, though I did
> see it
> > referenced here:
> >
> >
> http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelatio
> ns.wiki?spec=svn22&r=22
> >
> >
> >
> > Is
> > this an error?  If not, can somebody point me to the correct
> > documentation?
> >
> >
> >
> > If
> > it is an error, what should the value be?
> >
> >
> >
> > I
> > had assumed that the most logical choice was
>  <http://specs.openid.net/auth/2.0/signon>
> >
> >
> >
> >
> >
> >
> >
>
> --
> --
> John Panzer / Google
> jpanzer at google.com / abstractioneer.org / @jpanzer
>


To unsubscribe from this group, send email to
webfinger+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.

To unsubscribe from this group, send email to
webfinger+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100322/f75bae1d/attachment.htm>

More information about the specs mailing list