[+webfinger list]<div><br></div><div>Hi guys, </div><div><br></div><div>see below - the question is whether <a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a> is the best name for the OpenID in a webfinger XRD.</div>
<div><br></div><div>Dirk.<br><br><div class="gmail_quote">On Mon, Mar 22, 2010 at 10:22 AM, Paul E. Jones <span dir="ltr"><<a href="mailto:paulej@packetizer.com">paulej@packetizer.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Dirk,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Thanks for the clarification. I now understand the reasoning.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I would not want to require the OpenID spec to handle acct: URI
types, per se, but it would be nice if the OpenID RPs would pre-process whatever
the user enters and use webfinger to determine the OpenID ID if whatever is
entered looks like an email address. Do we need to change the OpenID spec
to make that happen? I think these steps could be independent.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">You’ve certainly made a valid point for why this ought not
be the “signon” URI. But, is “provider” the right
word? What I really want is to simply map the thing that looks like an
email address into the OpenID ID.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">How about this: <a href="http://openid.net/identity" target="_blank">http://openid.net/identity</a></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">This would refer to the “claimed ID” (if that’s
not too confusing with openid.identity).</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I removed all of the version information, since I assume my
OpenID ID would never change from one version of OpenID to another. If it
did, users would have never-ending frustration with identifiers. So, I
think we can assume this will be fixed.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">So, the XRD document might contain:</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><Link rel='<a href="http://openid.net/identity" target="_blank">http://openid.net/identity</a>' href='<a href="http://openid.packetizer.com/paulej" target="_blank">http://openid.packetizer.com/paulej</a>'
/></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I think this is basically the same thing as using “provider”,
but I think it is clearer that it’s not the OpenID provider / server /
whatever, but merely the user’s OpenID ID. Once this transformation
is made, then the normal OpenID RP procedures would be followed to find the OP
Endpoint URL, as you explained below.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">In any case, I guess it does not make a lot of difference
whether we use:</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><a href="http://openid.net/identity" target="_blank">http://openid.net/identity</a></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">or</span></p><div class="im">
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
</div><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">But, given this ought to be a constant mapping (acct: URIs to
OpenID identity URIs), I prefer the former.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Whatever the case, how can we settle on this and set it on stone?
I think getting agreement quickly is more important than the particular value.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Paul</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt"> Dirk Balfanz
[mailto:<a href="mailto:balfanz@google.com" target="_blank">balfanz@google.com</a>] <br>
<b>Sent:</b> Monday, March 22, 2010 12:02 PM<br>
<b>To:</b> Paul E. Jones<br>
<b>Cc:</b> <a href="mailto:openid-specs@lists.openid.net" target="_blank">openid-specs@lists.openid.net</a><br>
<b>Subject:</b> Re: WebFinger at Google</span></p>
</div>
</div><div><div></div><div class="h5">
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones <<a href="mailto:paulej@packetizer.com" target="_blank">paulej@packetizer.com</a>> wrote:</p>
<div>
<div>
<p class="MsoNormal">Folks,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Google
appears to have Webfinger enabled on some accounts, at least. You can see
it with this:</p>
<p class="MsoNormal">curl
<a href="http://gmail.com/.well-known/host-meta" target="_blank">http://gmail.com/.well-known/host-meta</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">That
returns this:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""><?xml version='1.0'
encoding='UTF-8'?></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""><!-- NOTE: this host-meta
end-point is a pre-alpha work in progress. Don't rely on it. --></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""><!-- Please follow the
list at <a href="http://groups.google.com/group/webfinger" target="_blank">http://groups.google.com/group/webfinger</a>
--></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""><XRD xmlns='<a href="http://docs.oasis-open.org/ns/xri/xrd-1.0" target="_blank">http://docs.oasis-open.org/ns/xri/xrd-1.0</a>'
</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New"">
xmlns:hm='<a href="http://host-meta.net/xrd/1.0" target="_blank">http://host-meta.net/xrd/1.0</a>'></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""> <hm:Host xmlns='<a href="http://host-meta.net/xrd/1.0" target="_blank">http://host-meta.net/xrd/1.0</a>'><a href="http://gmail.com" target="_blank">gmail.com</a></hm:Host></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""> <Link rel='lrdd' </span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New"">
template='http<span style="color:#00B050">://<a href="http://www.google.com/s2/webfinger/?q=%7Buri%7D" target="_blank">www.google.com/s2/webfinger/?q={uri}</a></span>'></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New"">
<Title>Resource Descriptor</Title></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""> </Link></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Courier New""></XRD></span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Now,
querying the LRDD URL like this:</p>
<p class="MsoNormal">curl
<a href="http://www.google.com/s2/webfinger/?q=acct" target="_blank">http://www.google.com/s2/webfinger/?q=acct</a>:<user>@<a href="http://gmail.com" target="_blank">gmail.com</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">will
return an XRD document, one of whose members is this:</p>
<p class="MsoNormal"><Link
rel='<a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a>'
href='<a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a><user>'/></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The
href value might vary, but that’s what it returned for my account.
What concerns me is the link relation value: <a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Where
did that come from? The 2.0 spec defined two possible values:</p>
<p class="MsoNormal"><a href="http://specs.openid.net/auth/2.0/server" target="_blank">http://specs.openid.net/auth/2.0/server</a></p>
<p class="MsoNormal"><a href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">However,
I cannot find the one Google is using defined anywhere, though I did see it
referenced here:</p>
<p class="MsoNormal"><a href="http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22" target="_blank">http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Is
this an error? If not, can somebody point me to the correct
documentation?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">If
it is an error, what should the value be?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I
had assumed that the most logical choice was <a href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a>,
which is what I configured my server to return. </p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">"signon" points to the actual OpenID endpoint (the
URL that RPs send their association requests to, that they redirect the users
to, etc.) The claimed id for which signon identifies the OpenID endpoint is the
URI on which discovery is performed. So "signon" wouldn't work for
two reasons:</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">(1) <a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a><user> is not Google's
OpenID endpoint</p>
</div>
<div>
<p class="MsoNormal">(2) acct:<user>@<a href="http://gmail.com" target="_blank">gmail.com</a>
(which is what you're performing discovery on) is not a valid OpenID</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a><user>
is, in fact, the user's OpenID (aka "claimed id", but as I mentioned,
_not_ Google's OpenID endpoint). The OpenID 2.0 spec doesn't specify a link
relation that means "this is my OpenID", so that's what the
"provider" link relation is supposed to convey. It's not part of any
standard (since webfinger itself hasn't been formalized yet). </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Does this make sense? </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">In a related note, I _would_ like to be able to put
"signon" links in webfinger XRDs, and make OpenID handle acct:URI
(which it necessarily would have to, at that point), but that won't happen
until we have a new version of OpenID.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Dirk.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal">I
made that assumption based on looking at all of the XRDS examples in the OpenID
2.0 spec.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Paul</p>
<p class="MsoNormal"> </p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a></p>
</blockquote>
</div>
<p class="MsoNormal"> </p>
</div></div></div>
</div>
</div>
</blockquote></div><br></div>