So the distinction appears to be in the (conceptual) relations between:<div><br></div><div>TODAY:</div><div><a href="mailto:acct%3Abob@gmail.com">acct:bob@gmail.com</a> maps with rel=<a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a> to <a href="http://www.google.com/profiles/3922823829347234234">http://www.google.com/profiles/3922823829347234234</a></div>
<div><br></div><div>=="My OpenID provider is this OpenID over there" -- this does read weirdly.</div><div><br>PROPOSED:</div><div><a href="mailto:acct%3Abob@gmail.com">acct:bob@gmail.com</a> maps with rel=<a href="http://openid.net/identity">http://openid.net/identity</a> to <a href="http://www.google.com/profiles/3922823829347234234">http://www.google.com/profiles/3922823829347234234</a></div>
<div><br>=="My OpenID identity is this OpenID over there" -- reads okay, but wouldn't rel="me" be the same?</div><div><br></div><div>REJECTED:</div><div><div><a href="mailto:acct%3Abob@gmail.com">acct:bob@gmail.com</a> maps with rel=<a href="http://specs.openid.auth/2.0/server">http://specs.openid.auth/2.0/server</a> </div>
<div>to <a href="http://www.google.com/profiles/3922823829347234234">http://www.google.com/profiles/3922823829347234234</a></div><div><br></div><div>=="My OpenID provider server is this URL over there" -- would make sense if you say that an acct: URI _is_ an OpenID.</div>
<div><br></div><div>Seems to me that the last one would make sense iff an acct: URI could be considered an OpenID in and of itself, and not otherwise. And the middle one could make sense in that scenario, but would be a bit indirect and unnecessary. </div>
<div><br></div><div>Thus, my questions :)</div><div><br></div><div>I'm purposely using the ugly default Google profile URLs to make a point, of course.</div><div><br></div></div><div><br></div><div><br><div class="gmail_quote">
On Mon, Mar 22, 2010 at 9:01 AM, Dirk Balfanz <span dir="ltr">&lt;<a href="mailto:balfanz@google.com">balfanz@google.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br><br><div class="gmail_quote"><div><div></div><div class="h5">On Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones <span dir="ltr">&lt;<a href="mailto:paulej@packetizer.com" target="_blank">paulej@packetizer.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Folks,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Google appears to have Webfinger enabled on some accounts,
at least. You can see it with this:</p>
<p class="MsoNormal">curl <a href="http://gmail.com/.well-known/host-meta" target="_blank">http://gmail.com/.well-known/host-meta</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">That returns this:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">&lt;?xml
version='1.0' encoding='UTF-8'?&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">&lt;!--
NOTE: this host-meta end-point is a pre-alpha work in progress.
Don't rely on it. --&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">&lt;!--
Please follow the list at <a href="http://groups.google.com/group/webfinger" target="_blank">http://groups.google.com/group/webfinger</a> --&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">&lt;XRD
xmlns='<a href="http://docs.oasis-open.org/ns/xri/xrd-1.0" target="_blank">http://docs.oasis-open.org/ns/xri/xrd-1.0</a>' </span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">
xmlns:hm='<a href="http://host-meta.net/xrd/1.0" target="_blank">http://host-meta.net/xrd/1.0</a>'&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">
&lt;hm:Host xmlns='<a href="http://host-meta.net/xrd/1.0" target="_blank">http://host-meta.net/xrd/1.0</a>'&gt;<a href="http://gmail.com" target="_blank">gmail.com</a>&lt;/hm:Host&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">
&lt;Link rel='lrdd' </span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">
template='http<span style="color:#00B050">://<a href="http://www.google.com/s2/webfinger/?q=%7Buri%7D" target="_blank">www.google.com/s2/webfinger/?q={uri}</a></span>'&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">
&lt;Title&gt;Resource Descriptor&lt;/Title&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">
&lt;/Link&gt;</span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:&quot;Courier New&quot;">&lt;/XRD&gt;</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Now, querying the LRDD URL like this:</p>
<p class="MsoNormal">curl <a href="http://www.google.com/s2/webfinger/?q=acct" target="_blank">http://www.google.com/s2/webfinger/?q=acct</a>:&lt;user&gt;@<a href="http://gmail.com" target="_blank">gmail.com</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">will return an XRD document, one of whose members is this:</p>
<p class="MsoNormal">&lt;Link rel='<a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a>'
href='<a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a>&lt;user&gt;'/&gt;</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The href value might vary, but that’s what it returned
for my account. What concerns me is the link relation value: <a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Where did that come from? The 2.0 spec defined two
possible values:</p>
<p class="MsoNormal"><a href="http://specs.openid.net/auth/2.0/server" target="_blank">http://specs.openid.net/auth/2.0/server</a></p>
<p class="MsoNormal"><a href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">However, I cannot find the one Google is using defined
anywhere, though I did see it referenced here:</p>
<p class="MsoNormal"><a href="http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22" target="_blank">http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Is this an error? If not, can somebody point me to the
correct documentation?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">If it is an error, what should the value be?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I had assumed that the most logical choice was <a href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a>,
which is what I configured my server to return. </p></div></div></blockquote><div><br></div></div></div><div>"signon" points to the actual OpenID endpoint (the URL that RPs send their association requests to, that they redirect the users to, etc.) The claimed id for which signon identifies the OpenID endpoint is the URI on which discovery is performed. So "signon" wouldn't work for two reasons:</div>
<div><br></div><div>(1) <a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a>&lt;user&gt; is not Google's OpenID endpoint</div><div>(2) acct:&lt;user&gt;@<a href="http://gmail.com" target="_blank">gmail.com</a> (which is what you're performing discovery on) is not a valid OpenID</div>
<div><br></div><div><a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a>&lt;user&gt; is, in fact, the user's OpenID (aka "claimed id", but as I mentioned, _not_ Google's OpenID endpoint). The OpenID 2.0 spec doesn't specify a link relation that means "this is my OpenID", so that's what the "provider" link relation is supposed to convey. It's not part of any standard (since webfinger itself hasn't been formalized yet). </div>
<div><br></div><div>Does this make sense? </div><div><br></div><div>In a related note, I _would_ like to be able to put "signon" links in webfinger XRDs, and make OpenID handle acct:URI (which it necessarily would have to, at that point), but that won't happen until we have a new version of OpenID.</div>
<div><br></div><div>Dirk.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><div lang="EN-US" link="blue" vlink="purple">
<div><p class="MsoNormal">
I made that assumption
based on looking at all of the XRDS examples in the OpenID 2.0 spec.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Paul</p>
<p class="MsoNormal"> </p>
</div>
</div>
<br></div>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br>
<br></blockquote></div><br></div>
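<div>The discovery flow discussed in this thread, as an added example that is not part of the original messages: it expands the host-meta LRDD template for an acct: URI and sorts the OpenID link relations of a user XRD by what the thread says they mean. The per-user XRD, the user "bob" and all function names are assumptions made for illustration.</div>

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = {"xrd": "http://docs.oasis-open.org/ns/xri/xrd-1.0"}
OPENID = "http://specs.openid.net/auth/2.0/"
# Meanings as explained in the thread: "provider" (Google's non-standard rel)
# names the user's OpenID; "signon"/"server" (OpenID 2.0) name the OP endpoint.
REL_MEANING = {OPENID + "provider": "claimed_id",
               OPENID + "signon": "op_endpoint",
               OPENID + "server": "op_endpoint"}

# host-meta as quoted in the thread (XML declaration and comments dropped).
HOST_META = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
     xmlns:hm='http://host-meta.net/xrd/1.0'>
  <hm:Host xmlns='http://host-meta.net/xrd/1.0'>gmail.com</hm:Host>
  <Link rel='lrdd' template='http://www.google.com/s2/webfinger/?q={uri}'>
    <Title>Resource Descriptor</Title>
  </Link>
</XRD>"""

# Constructed per-user XRD ("bob" is a placeholder user).
USER_XRD = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Link rel='http://specs.openid.net/auth/2.0/provider'
        href='http://www.google.com/profiles/bob'/>
</XRD>"""

def lrdd_url(host_meta_xml, acct_uri):
    """Expand the host-meta LRDD template for one acct: URI."""
    for link in ET.fromstring(host_meta_xml).findall("xrd:Link", NS):
        if link.get("rel") == "lrdd" and link.get("template"):
            # Percent-encode the whole URI so it cannot add query parameters.
            return link.get("template").replace("{uri}", quote(acct_uri, safe=""))
    raise ValueError("host-meta has no lrdd template")

def openid_links(xrd_xml):
    """Return (meaning, href) for every OpenID-related Link in a user XRD."""
    links = ET.fromstring(xrd_xml).findall("xrd:Link", NS)
    return [(REL_MEANING[l.get("rel")], l.get("href"))
            for l in links if l.get("rel") in REL_MEANING and l.get("href")]

def claimed_id_for(xrd_xml):
    """A "provider" link names the user's OpenID, never the OP endpoint."""
    ids = [href for meaning, href in openid_links(xrd_xml) if meaning == "claimed_id"]
    if len(ids) != 1:
        raise ValueError("expected exactly one provider link")
    return ids[0]
```

<div>The standard-library parser is used here on constructed input; for XRD fetched from a remote host, a hardened parser such as defusedxml is the safer choice.</div>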