<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">Hi guys, <div><br></div><div>Google would like to launch a feature in which we're allowing our Google Apps hosted domains to become OpenID providers. The authentication part of it is pretty simple - Google is already logging in users to their apps, so we can also host an OP endpoint for those domains and send assertions back to Relying Parties. What is more difficult is the discovery part. We have been working with the XRI TC to define a XRD-based discovery protocol that would allow this kind of hosting of discovery documents on behalf of our customers. </div>
<div><br></div><div>We believe that providing proof-of-concept implementations drives standardization processes forward, so in this spirit we want to launch this feature in the near future, using a discovery protocol that as far as we can tell meets all the requirements of what the XRI TC is currently converging on, but which has not been vetted as an official standard (it's a chicken and egg thing - without PoC no standards, without standards by definition no standards-compliant implementations).</div>
<div><br></div><div>While we were <a href="http://markmail.org/message/ixc5led2lobdwij2" target="_blank" style="color: rgb(119, 153, 187); ">tossing around ideas </a>in the standardization committees we just used random identifiers for new XML namespaces, etc. that we would need for this discovery protocol. Now that we're about to launch we need to decide what to call these things. We would like to use a namespace in <a href="http://specs.openid.net/.">http://specs.openid.net/.</a>.. because we want this kind of discovery protocol to be part of OpenID, but we can't really use them because we don't have a next-generation discovery protocol yet. </div>
<div><br></div><div>So what should we use? How about <a href="http://experimental.openid.net/.">http://experimental.openid.net/.</a>.. ? That way, Relying Parties know that what we're trying to do is be a part of the OpenID community and bring the protocol forward. On the other hand, this would also be a signal to the RP that they're using a feature that has not been vetted as a standard yet. </div>
<div><br></div><div>For example, a discovery document for a domain <a href="http://balfanz.net">balfanz.net</a> at Google might look like this (notice the "experimental" namespace and the XML elements using it):</div>
<div><br></div><div><font face="'courier new', monospace"><?xml version="1.0" encoding="UTF-8"?></font></div><div><font face="'courier new', monospace"><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"></font></div>
<div><font face="'courier new', monospace"> <ds:Signature xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"></font></div><div><font face="'courier new', monospace"> <ds:SignedInfo></font></div>
<div><font face="'courier new', monospace"> <ds:CanonicalizationMethod Algorithm="<a href="http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets">http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets</a>" /></font></div>
<div><font face="'courier new', monospace"> <ds:SignatureMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>" /></font></div><div>
<font face="'courier new', monospace"> </ds:SignedInfo></font></div><div><font face="'courier new', monospace"> <ds:KeyInfo></font></div><div><font face="'courier new', monospace"> <ds:X509Data></font></div>
<div><font face="'courier new', monospace"> <ds:X509Certificate></font></div><div><font face="'courier new', monospace"> MIICgjCCA...</font></div><div><font face="'courier new', monospace"> </ds:X509Certificate></font></div>
<div><font face="'courier new', monospace"> <ds:X509Certificate></font></div><div><font face="'courier new', monospace"> MIICsDCCAhmgAwIB...</font></div><div><font face="'courier new', monospace"> </ds:X509Certificate></font></div>
<div><font face="'courier new', monospace"> </ds:X509Data></font></div><div><font face="'courier new', monospace"> </ds:KeyInfo></font></div><div><font face="'courier new', monospace"> </ds:Signature></font></div>
<div><font face="'courier new', monospace"> <XRD></font></div><div><font face="'courier new', monospace"> <CanonicalID><a href="http://balfanz.net">balfanz.net</a></CanonicalID></font></div>
<div><font face="'courier new', monospace"> <Service priority="0"></font></div><div><font face="'courier new', monospace"> <Type><a href="http://specs.openid.net/auth/2.0/server">http://specs.openid.net/auth/2.0/server</a></Type></font></div>
<div><font face="'courier new', monospace"> <Type><a href="http://openid.net/srv/ax/1.0">http://openid.net/srv/ax/1.0</a></Type></font></div><div><font face="'courier new', monospace"> <Type><a href="http://specs.openid.net/extensions/pape/1.0">http://specs.openid.net/extensions/pape/1.0</a></Type></font></div>
<div><font face="'courier new', monospace"> <URI><a href="https://www.google.com/a/balfanz.net/o8/ud?be=o8">https://www.google.com/a/balfanz.net/o8/ud?be=o8</a></URI></font></div><div><font face="'courier new', monospace"> </Service></font></div>
<div><font face="'courier new', monospace"> <Service priority="0" xmlns:experimental="<a href="http://experimental.openid.net/google/2009/07/xmlns/">http://experimental.openid.net/google/2009/07/xmlns/</a>"></font></div>
<div><font face="'courier new', monospace"> <Type><a href="http://www.iana.org/assignments/relation/describedby">http://www.iana.org/assignments/relation/describedby</a></Type></font></div><div><font face="'courier new', monospace"> <MediaType>application/xrds+xml</MediaType></font></div>
<div><font face="'courier new', monospace"> <experimental:URITemplate><a href="https://www.google.com/accounts/o8/user-xrds?uri={%uri}">https://www.google.com/accounts/o8/user-xrds?uri={%uri}</a></experimental:URITemplate></font></div>
<div><font face="'courier new', monospace"> <experimental:NextAuthority><a href="http://hosted-id.google.com">hosted-id.google.com</a></experimental:NextAuthority></font></div><div><font face="'courier new', monospace"> </Service></font></div>
<div><font face="'courier new', monospace"> </XRD></font></div><div><font face="'courier new', monospace"></xrds:XRDS></font></div><div><br></div><div>What do you guys think?</div><div><br></div>
<div>Dirk.</div></span>