<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<title>Re: WebFinger at Google</title>
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Eran,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I would suggest not using “provider”, since the
mapping does not point to the provider. Rather, the href in the
<Link> is the OpenID identifier for the user. So, perhaps the
relation might simply be “openid”.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Anyway, I have no objection at all to what this value ought to
be, but we need to reach some agreement somehow. I have a particular
preference for URIs as values for relations, simply because it does not require
formal registration with the IETF. (Agree, it’s not a big deal, but
what’s the benefit?)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Paul<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
webfinger@googlegroups.com [mailto:webfinger@googlegroups.com] <b>On Behalf Of </b>Eran
Hammer-Lahav<br>
<b>Sent:</b> Monday, March 22, 2010 9:08 PM<br>
<b>To:</b> webfinger@googlegroups.com<br>
<b>Subject:</b> Re: WebFinger at Google<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif"'>LRDD uses XRD which uses Web Linking. In
Web Linking, if you have a well-defined relation type, you should make it a
registered short name. Registration is pretty easy (a spec, which can be an
OpenID Foundation document, an RFC, etc.).<br>
<br>
So...<br>
<br>
‘openid.provider’ is much more suitable. OpenID 2.0 didn’t
have a discovery layer on the server side so it had to encode the version in
the relation type. This is a mistake. The relation is not versioned, just the
provider’s endpoint (which can be described in its own XRD –
that’s the correct architecture).<br>
<br>
So I would use something as short and simple as ‘openid.provider’.
You can start using it now in XRD documents (or elsewhere included in LRDD).
You can worry about registration later once OpenID officially uses LRDD in a
spec. If you don’t want to overlap with previous values, you can make up
a new one like ‘openid.server’ (I never liked the provider and
relying party terminology).<br>
<br>
We worked hard on the Web Linking spec so that you don’t need to continue
using these URI relation types...<br>
<br>
EHL<br>
<br>
<br>
On 3/22/10 5:22 PM, "Paul Jones" <<a href="paulej@packetizer.com">paulej@packetizer.com</a>>
wrote:</span><o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif"'>Eran,<br>
<br>
That’s what we’re shooting for. Assuming we’re using
LRDD, what “rel” value should one look for in an LRDD XRD document
to map a user with a given acct: URI to an OpenID URI.<br>
<br>
The LRDD document returned for a given acct: URI might contain a <Link>
like this:<br>
<br>
<Link rel='<a href="http://openid.net/identity">http://openid.net/identity</a>'<br>
href='<a href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a>'/><br>
<br>
Is that what you’re thinking, or did you have something else in mind?<br>
<br>
Paul<br>
<br>
<br>
</span><b><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Calibri","sans-serif"'> <a
href="webfinger@googlegroups.com">webfinger@googlegroups.com</a> [<a
href="mailto:webfinger@googlegroups.com">mailto:webfinger@googlegroups.com</a>]
<b>On Behalf Of </b>Eran Hammer-Lahav<br>
<b>Sent:</b> Monday, March 22, 2010 4:17 PM<br>
<b>To:</b> <a href="webfinger@googlegroups.com">webfinger@googlegroups.com</a>;
John Panzer<br>
<b>Cc:</b> Dirk Balfanz; <a href="openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
<b>Subject:</b> Re: WebFinger at Google<br>
</span><br>
<span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>OpenID should
just use LRDD which works for http/https/acct URIs. WebFinger is really just a
subset of LRDD.<br>
<br>
EHL<br>
<br>
<br>
On 3/22/10 11:52 AM, "Paul Jones" <<a href="paulej@packetizer.com">paulej@packetizer.com</a>>
wrote:<br>
John,<br>
<br>
I'd assume RPs will know how to do webfinger, but I don't think we need to<br>
tightly bind the OpenID and webfinger specs.<br>
<br>
Can we assume that if a user enters <a href="paulej@packetizer.com">paulej@packetizer.com</a>
that the RP might<br>
formulate an acct: URI type and then perform a query for<br>
acct:<a href="paulej@packetizer.com">paulej@packetizer.com</a>? I think
that's a reasonable assumption, since<br>
that's likely going to be the natural way people would expect it to work.<br>
<br>
The real question is: what should it be looking for in the XRD document<br>
returned for an acct: URI?<br>
<br>
What I'm suggesting is this:<br>
<br>
<Link rel='<a href="http://openid.net/identity">http://openid.net/identity</a>'<br>
href='<a href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a>'/><br>
<br>
What Google is presently returning is this:<br>
<br>
<Link rel='<a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a>'<br>
href='<a href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a>'/><br>
<br>
I suppose it's six of one or half a dozen of another. However, the latter<br>
seems to suggest it's not the user's identity URL, but rather a pointer to<br>
the provider. But, I think the intent is to return the user's OpenID ID in<br>
that href, right?<br>
<br>
So, what value should we use for the link relation?<br>
<br>
Paul<br>
<br>
> -----Original Message-----<br>
> From: John Panzer [<a href="mailto:jpanzer@google.com">mailto:jpanzer@google.com</a>]<br>
> Sent: Monday, March 22, 2010 2:28 PM<br>
> To: Paul E. Jones<br>
> Cc: Dirk Balfanz; <a href="openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
> Subject: Re: WebFinger at Google<br>
><br>
> Assuming you want to use the ID the user entered, I think openid rps<br>
> would need to know about acct: at least.<br>
><br>
> On Monday, March 22, 2010, Paul E. Jones <<a
href="paulej@packetizer.com">paulej@packetizer.com</a>> wrote:<br>
> ><br>
> > Dirk,<br>
> ><br>
> > Thanks for the clarification. I now understand the reasoning.<br>
> ><br>
> > I would not want to require the OpenID spec to handle acct: URI<br>
> > types, per se, but it would be nice if the OpenID RPs would pre-process<br>
> > whatever the user enters and use webfinger to determine the OpenID ID if<br>
> > whatever is entered looks like an email address. Do we need to change the<br>
> > OpenID spec to make that happen? I think these steps could be independent.<br>
> ><br>
> > You’ve certainly made a valid point for why this ought not<br>
> > be the “signon” URI. But, is “provider” the right<br>
> > word? What I really want is to simply map the thing that looks like an<br>
> > email address into the OpenID ID.<br>
> ><br>
> > How about this: <a href="http://openid.net/identity">http://openid.net/identity</a><br>
> ><br>
> > This would refer to the “claimed ID” (if that’s<br>
> > not too confusing with openid.identity).<br>
> ><br>
> > I removed all of the version information, since I assume my<br>
> > OpenID ID would never change from one version of OpenID to another. If it<br>
> > did, users would have never-ending frustration with identifiers. So, I<br>
> > think we can assume this will be fixed.<br>
> ><br>
> > So, the XRD document might contain:<br>
> ><br>
> > <Link rel='<a href="http://openid.net/identity">http://openid.net/identity</a>'<br>
> > href='<a href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a>' /><br>
> ><br>
> > I think this is basically the same thing as using “provider”,<br>
> > but I think it is clearer that it’s not the OpenID provider / server /<br>
> > whatever, but merely the user’s OpenID ID. Once this transformation<br>
> > is made, then the normal OpenID RP procedures would be followed to find the OP<br>
> > Endpoint URL, as you explained below.<br>
> ><br>
> > In any case, I guess it does not make a lot of difference<br>
> > whether we use:<br>
> ><br>
> > <a href="http://openid.net/identity">http://openid.net/identity</a><br>
> ><br>
> > or<br>
> ><br>
> > <a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a><br>
> ><br>
> > But, given this ought to be a constant mapping (acct: URIs to<br>
> > OpenID identity URIs), I prefer the former.<br>
> ><br>
> > Whatever the case, how can we settle on this and set it on stone?<br>
> > I think getting agreement quickly is more important than the particular value.<br>
> ><br>
> > Paul<br>
> ><br>
> > From: Dirk Balfanz<br>
> > [<a href="mailto:balfanz@google.com">mailto:balfanz@google.com</a>]<br>
> > Sent: Monday, March 22, 2010 12:02 PM<br>
> > To: Paul E. Jones<br>
> > Cc: <a href="openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
> > Subject: Re: WebFinger at Google<br>
> ><br>
> > On Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones <<a href="paulej@packetizer.com">paulej@packetizer.com</a>> wrote:<br>
> ><br>
> > Folks,<br>
> ><br>
> > Google appears to have Webfinger enabled on some accounts, at least. You can see<br>
> > it with this:<br>
> ><br>
> > curl <a href="http://gmail.com/.well-known/host-meta">http://gmail.com/.well-known/host-meta</a><br>
> ><br>
> > That returns this:<br>
> ><br>
> > <?xml version='1.0' encoding='UTF-8'?><br>
> > <!-- NOTE: this host-meta end-point is a pre-alpha work in progress. Don't rely on it. --><br>
> > <!-- Please follow the list at <a href="http://groups.google.com/group/webfinger">http://groups.google.com/group/webfinger</a> --><br>
> > <XRD xmlns='<a href="http://docs.oasis-open.org/ns/xri/xrd-1.0">http://docs.oasis-open.org/ns/xri/xrd-1.0</a>'<br>
> > xmlns:hm='<a href="http://host-meta.net/xrd/1.0">http://host-meta.net/xrd/1.0</a>'><br>
> > <hm:Host xmlns='<a href="http://host-meta.net/xrd/1.0">http://host-meta.net/xrd/1.0</a>'>gmail.com</hm:Host><br>
> > <Link rel='lrdd'<br>
> > template='<a href="http://www.google.com/s2/webfinger/?q=%7buri%7d">http://www.google.com/s2/webfinger/?q={uri}</a>'><br>
> > <Title>Resource Descriptor</Title><br>
> > </Link><br>
> > </XRD><br>
> ><br>
> > Now, querying the LRDD URL like this:<br>
> ><br>
> > curl <a href="http://www.google.com/s2/webfinger/?q=acct:%3cuser%3e@gmail.com">http://www.google.com/s2/webfinger/?q=acct:<user>@gmail.com</a><br>
> ><br>
> > will return an XRD document, one of whose members is this:<br>
> ><br>
> > <Link rel='<a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a>'<br>
> > href='<a href="http://www.google.com/profiles/%3cuser%3e">http://www.google.com/profiles/<user></a>'/><br>
> ><br>
> > The href value might vary, but that’s what it returned for my account.<br>
> > What concerns me is the link relation value:<br>
> > <a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a><br>
> ><br>
> > Where did that come from? The 2.0 spec defined two possible values:<br>
> ><br>
> > <a href="http://specs.openid.net/auth/2.0/server">http://specs.openid.net/auth/2.0/server</a><br>
> ><br>
> > <a href="http://specs.openid.net/auth/2.0/signon">http://specs.openid.net/auth/2.0/signon</a><br>
> ><br>
> > However, I cannot find the one Google is using defined anywhere, though I did see it<br>
> > referenced here:<br>
> ><br>
> > <a href="http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22">http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22</a><br>
> ><br>
> > Is this an error? If not, can somebody point me to the correct<br>
> > documentation?<br>
> ><br>
> > If it is an error, what should the value be?<br>
> ><br>
> > I had assumed that the most logical choice was<br>
> > <<a href="http://specs.openid.net/auth/2.0/signon">http://specs.openid.net/auth/2.0/signon</a>><br>
> ><br>
><br>
> --<br>
> --<br>
> John Panzer / Google<br>
> <a href="jpanzer@google.com">jpanzer@google.com</a> / abstractioneer.org /
@jpanzer<br>
><br>
<br>
<br>
To unsubscribe from this group, send email to
webfinger+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.<br>
</span><o:p></o:p></p>
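<p class=MsoNormal>Added example, not part of the original thread and not code from any participant or project: a Python sketch of the lookup discussed above, in which a relying party turns email-like input into an acct: URI, expands the host-meta lrdd template, and reads the user's OpenID identifier from the Link whose rel it recognizes. The host example.com, the sample XRD documents and all function names are constructed for illustration, and the Subject comparison uses the XRD 1.0 Subject element, which the thread does not show.</p>

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
# Relation values proposed or observed in the thread, in this caller's order of preference.
OPENID_RELS = ("http://openid.net/identity",
               "http://specs.openid.net/auth/2.0/provider")

# Constructed sample documents modelled on the ones quoted in the thread.
HOST_META = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
     xmlns:hm='http://host-meta.net/xrd/1.0'>
  <hm:Host>example.com</hm:Host>
  <Link rel='lrdd' template='http://example.com/webfinger/?q={uri}'/>
</XRD>"""
USER_XRD = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Subject>acct:alice@example.com</Subject>
  <Link rel='http://specs.openid.net/auth/2.0/provider'
        href='http://openid.example.com/alice'/>
</XRD>"""


def to_acct_uri(user_input):
    """Turn 'user@host' input into an acct: URI; reject anything else."""
    s = user_input.strip()
    if s.startswith("acct:"):
        s = s[5:]
    if not re.fullmatch(r"[^@\s/?#]+@[A-Za-z0-9.-]+", s):
        raise ValueError("not an email-like identifier")
    local, host = s.rsplit("@", 1)
    return f"acct:{local}@{host.lower()}"


def lrdd_url(host_meta_xml, acct_uri):
    """Expand the host-meta 'lrdd' template with the percent-encoded acct: URI."""
    for link in ET.fromstring(host_meta_xml).iter(XRD_NS + "Link"):
        if link.get("rel") == "lrdd" and link.get("template"):
            return link.get("template").replace("{uri}", quote(acct_uri, safe=""))
    raise LookupError("host-meta has no lrdd template")


def openid_identifier(user_xrd_xml, acct_uri, rels=OPENID_RELS):
    """Return the href of the first preferred rel as the user's OpenID identifier."""
    root = ET.fromstring(user_xrd_xml)
    subject = root.findtext(XRD_NS + "Subject")
    if subject is not None and subject != acct_uri:
        raise ValueError("XRD Subject does not match the queried acct: URI")
    links = {ln.get("rel"): ln.get("href") for ln in root.iter(XRD_NS + "Link")}
    for rel in rels:
        href = links.get(rel)
        if href and urlsplit(href).scheme in ("http", "https"):
            return href  # normal OpenID discovery continues from this URL
    return None
```

<p class=MsoNormal>Because the rel list is a parameter, a relying party can accept both the value Google was returning and the proposed replacement while the choice is unsettled.</p>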
</div>
</body>
</html>