<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Helvetica, Arial, sans-serif">I think there are two
different things being described... (1) meta data about the host
(host-meta) and (2) meta data about the acct: identifier (XRD returned
from the webfinger template URI endpoint).<br>
<br>
In this thread, that host-meta XRD only describes one service of the
host... webfinger. However, there is nothing stopping the host from
also adding a <Link> specifying that it is also an OpenID
Provider. I agree with Allen that this is valuable information. This
doesn't preclude or supersede the XRD returned for the user (based on
the template URI endpoint).<br>
<br>
So, if an RP is looking to find the user's OP, then follow the
webfinger protocol. If the RP just wants to know if a domain supports
OpenID it can just look in the host-meta for that domain.<br>
<br>
I don't think they conflict.<br>
<br>
Thanks,<br>
George<br>
</font><br>
On 1/25/10 3:52 PM, Paul E. Jones wrote:
<blockquote cite="mid:006501ca9e00$3ddca760$b995f620$@com" type="cite">
<pre wrap="">Allen,
Perhaps we're in agreement, but I wasn't clear.
I think OpenID RPs should be able to use XRD documents in order to discover
the user's login service -- I like this. What I would *not* want is for
that to be defined in this document:
<a class="moz-txt-link-freetext" href="http://yahoo.com/.well-known/host-meta">http://yahoo.com/.well-known/host-meta</a>
The reason is that this document is not user-specific and blankets
everything under the yahoo.com domain.
Rather, I'd want that to be in this document:
<a class="moz-txt-link-freetext" href="http://webfinger.yahooapis.com/?id=">http://webfinger.yahooapis.com/?id=</a>{%id}
Or other document that allows the user to provide details about himself.
So, if I enter <a class="moz-txt-link-abbreviated" href="mailto:paulej@yahoo.com">paulej@yahoo.com</a>, RPs would still be directed to
<a class="moz-txt-link-freetext" href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a> by querying the above document (or other
document) and finding some pointer to my OP.
Paul
</pre>
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: Allen Tom [<a class="moz-txt-link-freetext" href="mailto:atom@yahoo-inc.com">mailto:atom@yahoo-inc.com</a>]
Sent: Monday, January 25, 2010 1:45 PM
To: Paul E. Jones
Cc: <a class="moz-txt-link-abbreviated" href="mailto:arshad.khan@channel321.com">arshad.khan@channel321.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:specs@openid.net">specs@openid.net</a>; 'John Panzer'
Subject: Re: Email Address to URL Transformation
Hi Paul -
This assumes that every user with a Gmail or Yahoo email account can
use
their account as an OpenID. Simply asking the user to enter their email
address to kickoff the sign-in process is a lot more scalable than the
NASCAR, and is probably a lot more usable then asking them to enter
their
OpenID URL.
Allen
On 1/24/10 7:12 PM, "Paul E. Jones" <a class="moz-txt-link-rfc2396E" href="mailto:paulej@packetizer.com"><paulej@packetizer.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
But, wouldn't that assume that every user who has a gmail.com or
</pre>
</blockquote>
<pre wrap="">yahoo.com
</pre>
<blockquote type="cite">
<pre wrap="">email address uses Google or Yahoo, respectively, for OpenID?
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
</body>
</html>