<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<title>Re: WebFinger at Google</title>
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Eran,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>That’s what we’re shooting for. Assuming we’re
using LRDD, what “rel” value should one look for in an LRDD XRD
document to map a user with a given acct: URI to an OpenID URI.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The LRDD document returned for a given acct: URI might contain a
<Link> like this:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";
color:#1F497D'><Link rel='http://openid.net/identity'<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";
color:#1F497D'> href='http://openid.packetizer.com/paulej'/><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Is that what you’re thinking, or did you have something
else in mind?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Paul<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
webfinger@googlegroups.com [mailto:webfinger@googlegroups.com] <b>On Behalf Of </b>Eran
Hammer-Lahav<br>
<b>Sent:</b> Monday, March 22, 2010 4:17 PM<br>
<b>To:</b> webfinger@googlegroups.com; John Panzer<br>
<b>Cc:</b> Dirk Balfanz; openid-specs@lists.openid.net<br>
<b>Subject:</b> Re: WebFinger at Google<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif"'>OpenID should just use LRDD which works for
http/https/acct URIs. WebFinger is really just a subset of LRDD.<br>
<br>
EHL<br>
<br>
<br>
On 3/22/10 11:52 AM, "Paul Jones" <<a href="paulej@packetizer.com">paulej@packetizer.com</a>>
wrote:</span><o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif"'>John,<br>
<br>
I'd assume RPs will know how to do webfinger, but I don't think we need to<br>
tightly bind the OpenID and webfinger specs.<br>
<br>
Can we assume that if a user enters <a href="paulej@packetizer.com">paulej@packetizer.com</a>
that the RP might<br>
formulate an acct: URI type and then perform a query for<br>
acct:<a href="paulej@packetizer.com">paulej@packetizer.com</a>? I think
that's a reasonable assumption, since<br>
that's likely going to be the natural way people would expect it to work.<br>
<br>
The real question is: what should it be looking for in the XRD document<br>
returned for an acct: URI?<br>
<br>
What I'm suggesting is this:<br>
<br>
<Link rel='<a href="http://openid.net/identity">http://openid.net/identity</a>'<br>
href='<a
href="http://openid.packetizer.com/paulej'/">http://openid.packetizer.com/paulej'/</a>><br>
<br>
What Google is presently returning is this:<br>
<br>
<Link rel='<a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a>'<br>
href='<a
href="http://openid.packetizer.com/paulej'/">http://openid.packetizer.com/paulej'/</a>><br>
<br>
I suppose it's six of one or half a dozen of another. However, the latter<br>
seems to suggest it's not the user's identity URL, but rather a pointer to<br>
the provider. But, I think the intent is return the user's OpenID ID in<br>
that href, right?<br>
<br>
So, what value should we use for the link relation?<br>
<br>
Paul<br>
<br>
> -----Original Message-----<br>
> From: John Panzer [<a href="mailto:jpanzer@google.com">mailto:jpanzer@google.com</a>]<br>
> Sent: Monday, March 22, 2010 2:28 PM<br>
> To: Paul E. Jones<br>
> Cc: Dirk Balfanz; <a href="openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
> Subject: Re: WebFinger at Google<br>
><br>
> Assuming you want to use the ID the user entered, I think openid rps<br>
> would need to know about acct: at least.<br>
><br>
> On Monday, March 22, 2010, Paul E. Jones <<a
href="paulej@packetizer.com">paulej@packetizer.com</a>> wrote:<br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > Dirk,<br>
> ><br>
> ><br>
> ><br>
> > Thanks for the clarification. I now understand the reasoning.<br>
> ><br>
> ><br>
> ><br>
> > I would not want to require the OpenID spec to handle acct: URI<br>
> > types, per se, but it would be nice if the OpenID RPs would pre-<br>
> process whatever<br>
> > the user enters and use webfinger to determine the OpenID ID if<br>
> whatever is<br>
> > entered looks like an email address. Do we need to change the
OpenID<br>
> spec<br>
> > to make that happen? I think these steps could be independent.<br>
> ><br>
> ><br>
> ><br>
> > You’ve certainly made a valid point for why this ought not<br>
> > be the “signon” URI. But, is “provider”
the right<br>
> > word? What I really want is to simply map the thing that looks
like<br>
> an<br>
> > email address into the OpenID ID.<br>
> ><br>
> ><br>
> ><br>
> > How about this: <a href="http://openid.net/identity">http://openid.net/identity</a><br>
> ><br>
> ><br>
> ><br>
> > This would refer to the “claimed ID” (if that’s<br>
> > not too confusing with openid.identity).<br>
> ><br>
> ><br>
> ><br>
> > I removed all of the version information, since I assume my<br>
> > OpenID ID would never change from one version of OpenID to another.<br>
> If it<br>
> > did, users would have never-ending frustration with
identifiers. So,<br>
> I<br>
> > think we can assume this will be fixed.<br>
> ><br>
> ><br>
> ><br>
> > So, the XRD document might contain:<br>
> ><br>
> ><br>
> ><br>
> > <Link rel='<a href="http://openid.net/identity">http://openid.net/identity</a>'<br>
> href='<a href="http://openid.packetizer.com/paulej">http://openid.packetizer.com/paulej</a>'<br>
> > /><br>
> ><br>
> ><br>
> ><br>
> > I think this is basically the same thing as using
“provider”,<br>
> > but I think it is clearer that it’s not the OpenID provider /
server<br>
> /<br>
> > whatever, but merely the user’s OpenID ID. Once this
transformation<br>
> > is made, then the normal OpenID RP procedures would be followed to<br>
> find the OP<br>
> > Endpoint URL, as you explained below.<br>
> ><br>
> ><br>
> ><br>
> > In any case, I guess it does not make a lot of difference<br>
> > whether we use:<br>
> ><br>
> > <a href="http://openid.net/identity">http://openid.net/identity</a><br>
> ><br>
> > or<br>
> ><br>
> > <a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a><br>
> ><br>
> ><br>
> ><br>
> > But, given this ought to be a constant mapping (acct: URIs to<br>
> > OpenID identity URIs), I prefer the former.<br>
> ><br>
> ><br>
> ><br>
> > Whatever the case, how can we settle on this and set it on stone?<br>
> > I think getting agreement quickly is more important than the<br>
> particular value.<br>
> ><br>
> ><br>
> ><br>
> > Paul<br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > From: Dirk Balfanz<br>
> > [<a href="mailto:balfanz@google.com">mailto:balfanz@google.com</a>]<br>
> > Sent: Monday, March 22, 2010 12:02 PM<br>
> > To: Paul E. Jones<br>
> > Cc: <a href="openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
> > Subject: Re: WebFinger at Google<br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > On Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones<br>
> <<a href="paulej@packetizer.com">paulej@packetizer.com</a>> wrote:<br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > Folks,<br>
> ><br>
> ><br>
> ><br>
> > Google<br>
> > appears to have Webfinger enabled on some accounts, at least.
You<br>
> can see<br>
> > it with this:<br>
> ><br>
> > curl<br>
> > <a href="http://gmail.com/.well-known/host-meta">http://gmail.com/.well-known/host-meta</a><br>
> ><br>
> ><br>
> ><br>
> > That<br>
> > returns this:<br>
> ><br>
> ><br>
> ><br>
> > <?xml version='1.0'<br>
> > encoding='UTF-8'?><br>
> ><br>
> > <!-- NOTE: this host-meta<br>
> > end-point is a pre-alpha work in progress. Don't rely on
it. --><br>
> ><br>
> > <!-- Please follow the<br>
> > list at <a href="http://groups.google.com/group/webfinger">http://groups.google.com/group/webfinger</a><br>
> > --><br>
> ><br>
> > <XRD xmlns='<a href="http://docs.oasis-open.org/ns/xri/xrd-1.0">http://docs.oasis-open.org/ns/xri/xrd-1.0</a>'<br>
> ><br>
> ><br>
> ><br>
> > xmlns:hm='<a href="http://host-meta.net/xrd/1.0'">http://host-meta.net/xrd/1.0'</a>><br>
> ><br>
> > <hm:Host xmlns='<a
href="http://host-meta.net/xrd/1.0'%3egmail.com%3c/hm:Host">http://host-meta.net/xrd/1.0'>gmail.com</hm:Host</a>><br>
> ><br>
> > <Link rel='lrdd'<br>
> ><br>
> ><br>
> > template='<a href="http://www.google.com/s2/webfinger/?q=%7buri%7d'">http://www.google.com/s2/webfinger/?q={uri}'</a>><br>
> ><br>
> ><br>
> > <Title>Resource Descriptor</Title><br>
> ><br>
> > </Link><br>
> ><br>
> > </XRD><br>
> ><br>
> ><br>
> ><br>
> > Now,<br>
> > querying the LRDD URL like this:<br>
> ><br>
> > curl<br>
> > <a href="http://www.google.com/s2/webfinger/?q=acct:%3cuser%3e@gmail.com">http://www.google.com/s2/webfinger/?q=acct:<user>@gmail.com</a><br>
> ><br>
> ><br>
> ><br>
> > will<br>
> > return an XRD document, one of whose members is this:<br>
> ><br>
> > <Link<br>
> > rel='<a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a>'<br>
> > href='<a href="http://www.google.com/profiles/%3cuser%3e'/">http://www.google.com/profiles/<user>'/</a>><br>
> ><br>
> ><br>
> ><br>
> > The<br>
> > href value might vary, but that’s what it returned for my
account.<br>
> > What concerns me is the link relation value:<br>
> <a href="http://specs.openid.net/auth/2.0/provider">http://specs.openid.net/auth/2.0/provider</a><br>
> ><br>
> ><br>
> ><br>
> > Where<br>
> > did that come from? The 2.0 spec defined two possible values:<br>
> ><br>
> > <a href="http://specs.openid.net/auth/2.0/server">http://specs.openid.net/auth/2.0/server</a><br>
> ><br>
> > <a href="http://specs.openid.net/auth/2.0/signon">http://specs.openid.net/auth/2.0/signon</a><br>
> ><br>
> ><br>
> ><br>
> > However,<br>
> > I cannot find the one Google is using defined anywhere, though I did<br>
> see it<br>
> > referenced here:<br>
> ><br>
> ><br>
> <a
href="http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelatio">http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelatio</a><br>
> ns.wiki?spec=svn22&r=22<br>
> ><br>
> ><br>
> ><br>
> > Is<br>
> > this an error? If not, can somebody point me to the correct<br>
> > documentation?<br>
> ><br>
> ><br>
> ><br>
> > If<br>
> > it is an error, what should the value be?<br>
> ><br>
> ><br>
> ><br>
> > I<br>
> > had assumed that the most logical choice was<br>
> <<a href="http://specs.openid.net/auth/2.0/signon">http://specs.openid.net/auth/2.0/signon</a>><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
><br>
> --<br>
> --<br>
> John Panzer / Google<br>
> <a href="jpanzer@google.com">jpanzer@google.com</a> / abstractioneer.org /
@jpanzer<br>
><br>
<br>
<br>
To unsubscribe from this group, send email to
webfinger+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.</span><o:p></o:p></p>
<p class=MsoNormal>To unsubscribe from this group, send email to webfinger+unsubscribegooglegroups.com
or reply to this email with the words "REMOVE ME" as the subject.<o:p></o:p></p>
</div>
</body>
</html>