<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>John,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I would vote for the proposed rel value. One could use “me”,
but the whole webfinger acct: XRD document is about “me”. So,
I think we need something specific for OpenID.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>You and Chris Messina both raised concerns about the e-mail
style: should RPs remember the email ID or the OpenID value? Can we get
all OpenID RPs to accept an email form?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>As for getting consistency: that’s very much needed, and I
really think this will happen sooner than later. People are comfortable
with e-mail style addresses and RPs will want to try to resolve it, I would
expect.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What concerns me, though, is maintaining one value vs. the
other. We <i>should expect</i> the RPs to remember only the OpenID
identifier, since that is the identifier used by OpenID. The email form
is merely used to map to the OpenID identifier. What happens when a user
changes his OP? If the email form is maintained, then the user could still
be able to log in. However, if only the OpenID ID is stored, the user would
need to update that somehow. But, this is not really a webfinger issue,
but a “managing OpenID identities” problem. Still, if users
get used to entering email IDs, then it might become an issue for Webfinger.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Do we allow more than one OpenID for a user acct:? I
prefer to have a 1:1 mapping, otherwise it only delays logging in. It
would force OPs to ask which of several identities a user would like to use. Perhaps
there are arguments for allowing more than one? Would we use a &lt;properties&gt;
element to indicate a priority or indicate which ID is active or inactive?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Paul<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> John Panzer
[mailto:jpanzer@google.com] <br>
<b>Sent:</b> Monday, March 22, 2010 4:58 PM<br>
<b>To:</b> Dirk Balfanz<br>
<b>Cc:</b> Paul E. Jones; openid-specs@lists.openid.net;
webfinger@googlegroups.com<br>
<b>Subject:</b> Re: WebFinger at Google<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>So the distinction appears to be in the (conceptual)
relations between:<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>TODAY:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><a href="mailto:acct%3Abob@gmail.com">acct:bob@gmail.com</a>
maps with rel=<a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a>
to <a href="http://www.google.com/profiles/3922823829347234234">http://www.google.com/profiles/3922823829347234234</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>=="My OpenID provider is this OpenID over there"
-- this does read weirdly.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><br>
PROPOSED:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><a href="mailto:acct%3Abob@gmail.com">acct:bob@gmail.com</a>
maps with rel=<a href="http://openid.net/identity">http://openid.net/identity</a>
to <a href="http://www.google.com/profiles/3922823829347234234">http://www.google.com/profiles/3922823829347234234</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><br>
=="My OpenID identity is this OpenID over there" -- reads okay, but
wouldn't rel="me" be the same?<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>REJECTED:<o:p></o:p></p>
</div>
<div>
<div>
<p class=MsoNormal><a href="mailto:acct%3Abob@gmail.com">acct:bob@gmail.com</a>
maps with rel=<a href="http://specs.openid.auth/2.0/server">http://specs.openid.auth/2.0/server</a> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>to <a
href="http://www.google.com/profiles/3922823829347234234">http://www.google.com/profiles/3922823829347234234</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>=="My OpenID provider server is this URL over
there" -- would make sense if you say that an acct: URI _is_ an OpenID.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Seems to me that the last one would make sense iff an acct:
URI could be considered an OpenID in and of itself, and not otherwise.
And the middle one could make sense in that scenario, but would be a bit
indirect and unnecessary. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Thus, my questions :)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I'm purposely using the ugly default Google profile URLs to
make a point, of course.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal>On Mon, Mar 22, 2010 at 9:01 AM, Dirk Balfanz &lt;<a
href="mailto:balfanz@google.com">balfanz@google.com</a>&gt; wrote:<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
<div>
<div>
<div>
<p class=MsoNormal>On Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones &lt;<a
href="mailto:paulej@packetizer.com" target="_blank">paulej@packetizer.com</a>&gt;
wrote:<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Folks,<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Google
appears to have Webfinger enabled on some accounts, at least. You can see
it with this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>curl
<a href="http://gmail.com/.well-known/host-meta" target="_blank">http://gmail.com/.well-known/host-meta</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>That
returns this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>&lt;?xml version='1.0'
encoding='UTF-8'?&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>&lt;!-- NOTE: this host-meta
end-point is a pre-alpha work in progress. Don't rely on it. --&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>&lt;!-- Please follow the
list at <a href="http://groups.google.com/group/webfinger" target="_blank">http://groups.google.com/group/webfinger</a>
--&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>&lt;XRD xmlns='<a
href="http://docs.oasis-open.org/ns/xri/xrd-1.0" target="_blank">http://docs.oasis-open.org/ns/xri/xrd-1.0</a>'
</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>
xmlns:hm='<a href="http://host-meta.net/xrd/1.0" target="_blank">http://host-meta.net/xrd/1.0</a>'&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'> &lt;hm:Host xmlns='<a
href="http://host-meta.net/xrd/1.0" target="_blank">http://host-meta.net/xrd/1.0</a>'&gt;<a
href="http://gmail.com" target="_blank">gmail.com</a>&lt;/hm:Host&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'> &lt;Link rel='lrdd' </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>
template='http<span style='color:#00B050'>://<a
href="http://www.google.com/s2/webfinger/?q=%7Buri%7D" target="_blank">www.google.com/s2/webfinger/?q={uri}</a></span>'&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>
&lt;Title&gt;Resource Descriptor&lt;/Title&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'> &lt;/Link&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New"'>&lt;/XRD&gt;</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Now,
querying the LRDD URL like this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>curl
<a href="http://www.google.com/s2/webfinger/?q=acct" target="_blank">http://www.google.com/s2/webfinger/?q=acct</a>:&lt;user&gt;@<a
href="http://gmail.com" target="_blank">gmail.com</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>will
return an XRD document, one of whose members is this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&lt;Link
rel='<a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a>'
href='<a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a>&lt;user&gt;'/&gt;<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The
href value might vary, but that’s what it returned for my account.
What concerns me is the link relation value: <a
href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Where
did that come from? The 2.0 spec defined two possible values:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://specs.openid.net/auth/2.0/server" target="_blank">http://specs.openid.net/auth/2.0/server</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>However,
I cannot find the one Google is using defined anywhere, though I did see it
referenced here:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22"
target="_blank">http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Is
this an error? If not, can somebody point me to the correct
documentation?<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If
it is an error, what should the value be?<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I
had assumed that the most logical choice was <a
href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a>,
which is what I configured my server to return. <o:p></o:p></p>
</div>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
<div>
<p class=MsoNormal>"signon" points to the actual OpenID endpoint (the
URL that RPs send their association requests to, that they redirect the users
to, etc.) The claimed id for which signon identifies the OpenID endpoint is the
URI on which discovery is performed. So "signon" wouldn't work for
two reasons:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>(1) <a href="http://www.google.com/profiles/"
target="_blank">http://www.google.com/profiles/</a>&lt;user&gt; is not Google's
OpenID endpoint<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>(2) acct:&lt;user&gt;@<a href="http://gmail.com"
target="_blank">gmail.com</a> (which is what you're performing discovery on) is
not a valid OpenID<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><a href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a>&lt;user&gt;
is, in fact, the user's OpenID (aka "claimed id", but as I mentioned,
_not_ Google's OpenID endpoint). The OpenID 2.0 spec doesn't specify a link
relation that means "this is my OpenID", so that's what the
"provider" link relation is supposed to convey. It's not part of any
standard (since webfinger itself hasn't been formalized yet). <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Does this make sense? <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>In a related note, I _would_ like to be able to put
"signon" links in webfinger XRDs, and make OpenID handle acct:URI
(which it necessarily would have to, at that point), but that won't happen
until we have a new version of OpenID.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Dirk.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I
made that assumption based on looking at all of the XRDS examples in the OpenID
2.0 spec.<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Paul<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></p>
</blockquote>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
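<p class=MsoNormal>The discovery steps walked through in this thread (host-meta, LRDD template, per-user XRD, link relation), as an added example that is not code from any of the participants or from Google. The XML inputs are constructed samples modelled on the responses quoted above; the function names, the Subject element and the exactly-one-identifier check (the 1:1 mapping preferred in the top message) are assumptions.</p>

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

XRD = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
# Link relations quoted in the thread.
REL_PROVIDER = "http://specs.openid.net/auth/2.0/provider"  # href = claimed id
REL_SIGNON = "http://specs.openid.net/auth/2.0/signon"      # href = OP endpoint

# Constructed sample: host-meta modelled on the response quoted in the thread.
HOST_META = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
     xmlns:hm='http://host-meta.net/xrd/1.0'>
  <hm:Host>gmail.com</hm:Host>
  <Link rel='lrdd' template='http://www.google.com/s2/webfinger/?q={uri}'>
    <Title>Resource Descriptor</Title>
  </Link>
</XRD>"""

# Constructed sample: per-user XRD; the Subject element is an assumption.
USER_XRD = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Subject>acct:bob@gmail.com</Subject>
  <Link rel='http://specs.openid.net/auth/2.0/provider'
        href='http://www.google.com/profiles/3922823829347234234'/>
</XRD>"""


def lrdd_url(host_meta_xml, acct_uri):
    """Expand the host-meta 'lrdd' template for one acct: URI."""
    root = ET.fromstring(host_meta_xml)
    for link in root.findall(XRD + "Link"):
        template = link.get("template")
        if link.get("rel") == "lrdd" and template:
            # Encode every reserved character so the identifier stays
            # inside the q= parameter.
            return template.replace("{uri}", quote(acct_uri, safe=""))
    raise ValueError("host-meta has no lrdd template")


def claimed_id(user_xrd_xml, acct_uri):
    """Return the single OpenID claimed identifier linked from the XRD."""
    root = ET.fromstring(user_xrd_xml)
    if root.findtext(XRD + "Subject") != acct_uri:
        raise ValueError("descriptor describes a different subject")
    # Only the 'provider' rel carries a claimed id; a 'signon' href would be
    # an OP endpoint and must not be stored as the user's identity.
    ids = {l.get("href") for l in root.findall(XRD + "Link")
           if l.get("rel") == REL_PROVIDER and l.get("href")}
    if len(ids) != 1:  # 1:1 mapping, as preferred in the top message
        raise ValueError("expected exactly one OpenID, found %d" % len(ids))
    return ids.pop()


def resolve(acct_uri):
    """Offline walk-through: returns (descriptor URL, identifier to store)."""
    return lrdd_url(HOST_META, acct_uri), claimed_id(USER_XRD, acct_uri)
```

<p class=MsoNormal>An RP fetching these documents over the network would parse them with a parser hardened for untrusted XML and key the account on the returned claimed identifier, not on the e-mail form the user typed.</p>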
</body>
</html>