<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Helvetica, Arial, sans-serif">Well... I believe that the
scope of the <Link>'s described in a host-meta XRD should be </font>at
the host level. As such the host should be able to put anything it
wants in that XRD to describe the host. For example, may the host is
also a SAML IDP and wants to "advertise" that as well.<br>
<br>
How exactly OpenID v.next defines discovery of identifiers is something
else. And in fact, webfinger defines it's own discovery mechanism
separate from OpenID.<br>
<br>
For an RP that wants to discover meta-data about an email address,
using webfinger makes a lot of sense. Webfinger defines acct: scheme
and the
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<a class="moz-txt-link-freetext" href="http://webfinger.info/rel/service">http://webfinger.info/rel/service</a> relationship and requires the
"protocol" to use the associated URI endpoint.<br>
<br>
A different discovery flow could require/recommend using a <Link>
from the host-meta XRD itself.<br>
<br>
As all this relates to OpenID and email-to-URL-transform, I can see
OpenID supporting a fallback method to the <Link> in the
host-meta XRD if the webfinger protocol fails.<br>
<br>
For example, the RP takes the email address <a class="moz-txt-link-abbreviated" href="mailto:alice@example.com">alice@example.com</a> and uses
webfinger to try and find an associated OP endpoint. If the discovery
resolution fails, or the returned XRD does NOT define an OP endpoint,
the RP MAY look in the host-meta XRD for an OP Endpoint <Link>.
Or something like that.<br>
<br>
Thanks,<br>
George<br>
<br>
On 1/27/10 4:18 PM, Paul E. Jones wrote:
<blockquote cite="mid:00a001ca9f96$3f6317d0$be294770$@com" type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">George,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">You’re
right that there are two things. The question
is, do we wish to allow only OP advertisement via the host meta-data
XRD
file? That would certainly work for me. But, would users prefer to
have a single email address (e.g., <a moz-do-not-send="true" href="mailto:user@gmail.com">user@gmail.com</a>)
and still be able to associate that with a different OP through
webfinger?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">People
could always have a different acct: URI. Is that
preferred over trying to support both host meta-data and user meta-data
XRD
documents? <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Paul<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color blue; border-width: medium medium medium 1.5pt; padding: 0in 0in 0in 4pt;">
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;">From:</span></b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;">
George Fletcher
[<a class="moz-txt-link-freetext" href="mailto:gffletch@aol.com">mailto:gffletch@aol.com</a>] <br>
<b>Sent:</b> Wednesday, January 27, 2010 3:11 PM<br>
<b>To:</b> Paul E. Jones<br>
<b>Cc:</b> 'Allen Tom'; <a class="moz-txt-link-abbreviated" href="mailto:arshad.khan@channel321.com">arshad.khan@channel321.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:specs@openid.net">specs@openid.net</a><br>
<b>Subject:</b> Re: Email Address to URL Transformation<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family: "Helvetica","sans-serif";">I think
there are two different things being described... (1) meta data about
the host
(host-meta) and (2) meta data about the acct: identifier (XRD returned
from the
webfinger template URI endpoint).<br>
<br>
In this thread, that host-meta XRD only describes one service of the
host...
webfinger. However, there is nothing stopping the host from also adding
a
<Link> specifying that it is also an OpenID Provider. I agree
with Allen
that this is valuable information. This doesn't preclude or supersede
the XRD
returned for the user (based on the template URI endpoint).<br>
<br>
So, if an RP is looking to find the user's OP, then follow the
webfinger
protocol. If the RP just wants to know if a domain supports OpenID it
can just look
in the host-meta for that domain.<br>
<br>
I don't think they conflict.<br>
<br>
Thanks,<br>
George<br>
</span><br>
On 1/25/10 3:52 PM, Paul E. Jones wrote: <o:p></o:p></p>
<pre>Allen,<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Perhaps we're in agreement, but I wasn't clear.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I think OpenID RPs should be able to use XRD documents in order to discover<o:p></o:p></pre>
<pre>the user's login service -- I like this. What I would *not* want is for<o:p></o:p></pre>
<pre>that to be defined in this document:<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://yahoo.com/.well-known/host-meta">http://yahoo.com/.well-known/host-meta</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>The reason is that this document is not user-specific and blankets<o:p></o:p></pre>
<pre>everything under the yahoo.com domain.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Rather, I'd want that to be in this document:<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://webfinger.yahooapis.com/?id=">http://webfinger.yahooapis.com/?id=</a>{%id}<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Or other document that allows the user to provide details about himself.<o:p></o:p></pre>
<pre>So, if I enter <a moz-do-not-send="true" href="mailto:paulej@yahoo.com">paulej@yahoo.com</a>, RPs would still be directed to<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a> by querying the above document (or other<o:p></o:p></pre>
<pre>document) and finding some pointer to my OP.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Paul<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
<pre>-----Original Message-----<o:p></o:p></pre>
<pre>From: Allen Tom [<a moz-do-not-send="true" href="mailto:atom@yahoo-inc.com">mailto:atom@yahoo-inc.com</a>]<o:p></o:p></pre>
<pre>Sent: Monday, January 25, 2010 1:45 PM<o:p></o:p></pre>
<pre>To: Paul E. Jones<o:p></o:p></pre>
<pre>Cc: <a moz-do-not-send="true" href="mailto:arshad.khan@channel321.com">arshad.khan@channel321.com</a>; <a moz-do-not-send="true" href="mailto:specs@openid.net">specs@openid.net</a>; 'John Panzer'<o:p></o:p></pre>
<pre>Subject: Re: Email Address to URL Transformation<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Hi Paul -<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>This assumes that every user with a Gmail or Yahoo email account can<o:p></o:p></pre>
<pre>use<o:p></o:p></pre>
<pre>their account as an OpenID. Simply asking the user to enter their email<o:p></o:p></pre>
<pre>address to kickoff the sign-in process is a lot more scalable than the<o:p></o:p></pre>
<pre>NASCAR, and is probably a lot more usable then asking them to enter<o:p></o:p></pre>
<pre>their<o:p></o:p></pre>
<pre>OpenID URL.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Allen<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>On 1/24/10 7:12 PM, "Paul E. Jones" <a moz-do-not-send="true" href="mailto:paulej@packetizer.com"><paulej@packetizer.com></a> wrote:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
<pre><o:p> </o:p></pre>
<pre>But, wouldn't that assume that every user who has a gmail.com or<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
</blockquote>
<pre>yahoo.com<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
<pre>email address uses Google or Yahoo, respectively, for OpenID?<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>specs mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
</div>
</div>
</blockquote>
</body>
</html>