<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Chris,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The LRDD document needs <i>something</i>, I think, in order to
allow RPs to easily map e-mail IDs to OpenID IDs. The proposed value is
arbitrary, but we need to put a stake in the ground and get everybody to agree
on what that is.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I’m not sure where the list of accounts came from on the
webfinger.org page, but it appears to have been pulled from your Google profile
page. Is that published in some easy-to-digest document? Whatever
the case, you would expect any of those URIs to potentially be an OpenID ID?
Would the RP have to then go fishing to see which are and are not? As an
RP, I think it would be a lot of overhead. As the user, I’d be
annoyed seeing all of the options.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So, if the RP can query an account like
acct:paulej@packetizer.com, the RP could find a Link (or more than one, if the
user wished) containing the value of the OpenID ID in the href. Like
this:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> curl http://www.packetizer.com/lrdd/?uri=acct%3Apaulej%40packetizer.com<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Anyway, apparently folks had this idea in mind already, since
that’s how I discovered the rel value Google was using to apparently
refer to one’s OpenID ID. I also include that in my account
document.  I can live with either the “identity” or the “provider”
URI type, though “identity” seems more logical to me.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Paul<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Chris Messina
[mailto:chris.messina@gmail.com] <br>
<b>Sent:</b> Monday, March 22, 2010 8:56 PM<br>
<b>To:</b> Paul E. Jones<br>
<b>Cc:</b> John Panzer; Dirk Balfanz; webfinger@googlegroups.com;
openid-specs@lists.openid.net<br>
<b>Subject:</b> Re: WebFinger at Google<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>On Mon, Mar 22, 2010 at 5:01 PM, Paul E. Jones <<a
href="mailto:paulej@packetizer.com">paulej@packetizer.com</a>> wrote:<o:p></o:p></p>
<div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span><span style='font-size:11.5pt;color:#1F497D'>I would
vote for the proposed rel value. One could use “me”, but the
whole webfinger acct: XRD document is about “me”. So, I think
we need something specific for OpenID.</span></span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=MsoNormal>I can go either way here, like I said. Inventing "<a
href="http://openid.net/identity">http://openid.net/identity</a>" seems
arbitrary, and not tied to existing practice. That's my biggest concern about
it; but it's just a URI which has no semantic meaning... so it's not a deal
breaker for me. I just think it'll be harder to get people to take it seriously
if it doesn't look like anything else.<o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>You and Chris Messina both raised
concerns about the e-mail style: should RPs remember the email ID or the OpenID
value? </span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=MsoNormal>RPs can of course remember what the user first entered into
the box, but unless the OP returns the same identifier as an email address of
the user, it shouldn't be trusted. After all, that's the whole thrust of the
relationship that's being created: the *relying party* relies on the *identity
provider* for some user — it doesn't matter what gets entered into the
RP's site (they could just as easily offer a NASCAR array of buttons) —
what SHOULD matter to the RP is what the OP returns after the user has
presumably authenticated.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>Can we get all OpenID RPs to accept an
email form?</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Yes. However, we need to specify exactly how this should
work and then go about building support into the OpenID libraries. As it is,
you can use an email-style identifier in OpenID flows (http://chris@yahoo.com
is a valid URL) — but it doesn't
work reliably or consistently.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <span class=apple-style-span><span style='font-size:
11.5pt;color:#1F497D'> </span></span><o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span><span style='font-size:11.5pt;color:#1F497D'>What
concerns me, though, is maintaining one value vs. the other. We <i>should
expect</i> the RPs to remember only the OpenID identifier, since that is the
identifier used by OpenID. The email form is merely used to map to the
OpenID identifier. What happens when a user changes his OP? If the
email form is maintained, then the user could still be able to log in.
However, if only the OpenID ID is stored, the user would need to update that
somehow. But, this is not really a webfinger issue, but a “managing
OpenID identities” problem. Still, if users get used to entering
email IDs, then it might become an issue for Webfinger.</span></span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=MsoNormal>Changing OPs is essentially out of scope. It's no different
than if a user changes her email address today.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Sites should build in appropriate account recovery
mechanisms as needed, which may include linking more than one OpenID or email
address to a given account.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>We can't force people to manage their online accounts more
sensibly, or build in that level of policy into the protocol (for example,
someone's account might be shut down for abuse — but we can't specify
what abuse is, or what to do about it).<o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>Do we allow more than one OpenID for a
user acct:? I prefer to have a 1:1 mapping, otherwise it only delays
logging in. It would force OPs to ask which of several identities a user
would like to use. Perhaps there are arguments for allowing more than
one? Would we use a <properties> element to indicate a priority or
indicate which ID is active or inactive?</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>RPs should allow users to associate multiple identifiers to
their account, especially to aid in account recovery; this practice is up to
the RPs to implement, however.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>And, to illustrate this problem more acutely, here is what
my WebFinger address returns:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><a href="http://webfinger.org/lookup/chris.messina@gmail.com">http://webfinger.org/lookup/chris.messina@gmail.com</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I can't imagine an RP asking me which of these accounts I
want to use for signing in...<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Chris<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>Paul</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> John
Panzer [mailto:<a href="mailto:jpanzer@google.com" target="_blank">jpanzer@google.com</a>]
<br>
<b>Sent:</b> Monday, March 22, 2010 4:58 PM<br>
<b>To:</b> Dirk Balfanz<br>
<b>Cc:</b> Paul E. Jones; <a href="mailto:openid-specs@lists.openid.net"
target="_blank">openid-specs@lists.openid.net</a>; <a
href="mailto:webfinger@googlegroups.com" target="_blank">webfinger@googlegroups.com</a></span><o:p></o:p></p>
<div>
<p class=MsoNormal><br>
<b>Subject:</b> Re: WebFinger at Google<o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>So
the distinction appears to be in the (conceptual) relations between:<o:p></o:p></p>
<div>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TODAY:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="mailto:acct%3Abob@gmail.com" target="_blank">acct:bob@gmail.com</a> maps
with rel=<a href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a>
to <a href="http://www.google.com/profiles/3922823829347234234" target="_blank">http://www.google.com/profiles/3922823829347234234</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>=="My
OpenID provider is this OpenID over there" -- this does read weirdly.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>
PROPOSED:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="mailto:acct%3Abob@gmail.com" target="_blank">acct:bob@gmail.com</a> maps
with rel=<a href="http://openid.net/identity" target="_blank">http://openid.net/identity</a>
to <a href="http://www.google.com/profiles/3922823829347234234" target="_blank">http://www.google.com/profiles/3922823829347234234</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>
=="My OpenID identity is this OpenID over there" -- reads okay, but
wouldn't rel="me" be the same?<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>REJECTED:<o:p></o:p></p>
</div>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="mailto:acct%3Abob@gmail.com" target="_blank">acct:bob@gmail.com</a> maps
with rel=<a href="http://specs.openid.auth/2.0/server" target="_blank">http://specs.openid.auth/2.0/server</a> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>to <a
href="http://www.google.com/profiles/3922823829347234234" target="_blank">http://www.google.com/profiles/3922823829347234234</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>=="My
OpenID provider server is this URL over there" -- would make sense if you
say that an acct: URI _is_ an OpenID.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Seems
to me that the last one would make sense iff an acct: URI could be considered
an OpenID in and of itself, and not otherwise. And the middle one could
make sense in that scenario, but would be a bit indirect and unnecessary.
<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thus,
my questions :)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I'm
purposely using the ugly default Google profile URLs to make a point, of
course.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On
Mon, Mar 22, 2010 at 9:01 AM, Dirk Balfanz <<a
href="mailto:balfanz@google.com" target="_blank">balfanz@google.com</a>>
wrote:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'> <o:p></o:p></p>
<div>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On
Fri, Mar 19, 2010 at 10:17 AM, Paul E. Jones <<a
href="mailto:paulej@packetizer.com" target="_blank">paulej@packetizer.com</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Folks,<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Google
appears to have Webfinger enabled on some accounts, at least. You can see
it with this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>curl
<a href="http://gmail.com/.well-known/host-meta" target="_blank">http://gmail.com/.well-known/host-meta</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>That
returns this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<pre style='font-size:8.0pt;font-family:"Courier New"'><?xml version='1.0' encoding='UTF-8'?>
<!-- NOTE: this host-meta end-point is a pre-alpha work in progress. Don't rely on it. -->
<!-- Please follow the list at http://groups.google.com/group/webfinger -->
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
     xmlns:hm='http://host-meta.net/xrd/1.0'>
  <hm:Host xmlns='http://host-meta.net/xrd/1.0'>gmail.com</hm:Host>
  <Link rel='lrdd'
        template='http://www.google.com/s2/webfinger/?q={uri}'>
    <Title>Resource Descriptor</Title>
  </Link>
</XRD></pre>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Now,
querying the LRDD URL like this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>curl
http://www.google.com/s2/webfinger/?q=acct:<user>@gmail.com<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>will
return an XRD document, one of whose members is this:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><Link
rel='http://specs.openid.net/auth/2.0/provider'
href='http://www.google.com/profiles/<user>'/><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The
href value might vary, but that’s what it returned for my account.
What concerns me is the link relation value: <a
href="http://specs.openid.net/auth/2.0/provider" target="_blank">http://specs.openid.net/auth/2.0/provider</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Where
did that come from? The 2.0 spec defined two possible values:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://specs.openid.net/auth/2.0/server" target="_blank">http://specs.openid.net/auth/2.0/server</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>However,
I cannot find the one Google is using defined anywhere, though I did see it
referenced here:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22"
target="_blank">http://code.google.com/p/webfinger/source/browse/wiki/CommonLinkRelations.wiki?spec=svn22&r=22</a><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Is
this an error? If not, can somebody point me to the correct
documentation?<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If
it is an error, what should the value be?<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I
had assumed that the most logical choice was <a
href="http://specs.openid.net/auth/2.0/signon" target="_blank">http://specs.openid.net/auth/2.0/signon</a>,
which is what I configured my server to return. <o:p></o:p></p>
</div>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>"signon"
points to the actual OpenID endpoint (the URL that RPs send their association
requests to, that they redirect the users to, etc.) The claimed id for which
signon identifies the OpenID endpoint is the URI on which discovery is
performed. So "signon" wouldn't work for two reasons:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>(1) <a
href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a><user>
is not Google's OpenID endpoint<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>(2)
acct:<user>@<a href="http://gmail.com" target="_blank">gmail.com</a>
(which is what you're performing discovery on) is not a valid OpenID<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href="http://www.google.com/profiles/" target="_blank">http://www.google.com/profiles/</a><user>
is, in fact, the user's OpenID (aka "claimed id", but as I mentioned,
_not_ Google's OpenID endpoint). The OpenID 2.0 spec doesn't specify a link
relation that means "this is my OpenID", so that's what the
"provider" link relation is supposed to convey. It's not part of any
standard (since webfinger itself hasn't been formalized yet). <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Does
this make sense? <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>In
a related note, I _would_ like to be able to put "signon" links in
webfinger XRDs, and make OpenID handle acct:URI (which it necessarily would
have to, at that point), but that won't happen until we have a new version of
OpenID.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Dirk.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>
<div>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I
made that assumption based on looking at all of the XRDS examples in the OpenID
2.0 spec.<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Paul<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></p>
</blockquote>
</div>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
Chris Messina<br>
Open Web Advocate, Google<br>
<br>
Personal: <a href="http://factoryjoe.com">http://factoryjoe.com</a><br>
Follow me on Buzz: <a href="http://buzz.google.com/chrismessina">http://buzz.google.com/chrismessina</a>
<br>
...or Twitter: <a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a>
<br>
<br>
This email is: [ ] shareable [X] ask first [ ]
private<o:p></o:p></p>
</div>
</div>
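<p class=MsoNormal>The lookup discussed in this thread, as an added example that is not from any of the participants: it resolves an acct: URI through host-meta and LRDD, picks out Links carrying either of the two debated rel values, and keys the account on the identifier the OP returns rather than on what was typed. The example.com documents are constructed, and the Subject check, the DTD rejection and the bind_login helper are assumptions of this example.</p>

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

XRD = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
# The two rel values debated in the thread: Google's current one and the proposal.
OPENID_RELS = ("http://specs.openid.net/auth/2.0/provider",
               "http://openid.net/identity")

# Constructed sample, shaped like the gmail.com host-meta quoted in the thread.
HOST_META = """<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'
     xmlns:hm='http://host-meta.net/xrd/1.0'>
  <hm:Host>example.com</hm:Host>
  <Link rel='lrdd' template='http://example.com/lrdd/?uri={uri}'>
    <Title>Resource Descriptor</Title>
  </Link>
</XRD>"""

# Constructed account document; the last Link has a non-web href on purpose.
ACCOUNT_XRD = """<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Subject>acct:bob@example.com</Subject>
  <Link rel='http://example.com/rel/blog' href='http://example.com/bob/blog'/>
  <Link rel='http://specs.openid.net/auth/2.0/provider'
        href='http://example.com/profiles/1234'/>
  <Link rel='http://openid.net/identity' href='mailto:bob@example.com'/>
</XRD>"""


def parse_xrd(text):
    """Parse a discovery document fetched from a remote host."""
    # Assumption of this example: refuse any DTD, so entity definitions in a
    # hostile document never reach the parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD not allowed in an XRD document")
    return ET.fromstring(text.encode("utf-8"))


def lrdd_url(host_meta_xml, acct_uri):
    """Fill the host's lrdd template with the percent-encoded acct: URI."""
    for link in parse_xrd(host_meta_xml).iter(XRD + "Link"):
        template = link.get("template")
        if link.get("rel") == "lrdd" and template:
            return template.replace("{uri}", quote(acct_uri, safe=""))
    raise LookupError("host-meta has no lrdd template")


def openid_candidates(account_xml, acct_uri):
    """Return the http(s) hrefs offered as the user's OpenID, in document order."""
    root = parse_xrd(account_xml)
    # Assumption of this example: the document must describe the account asked for.
    if root.findtext(XRD + "Subject") != acct_uri:
        raise ValueError("XRD subject does not match the queried account")
    found = []
    for link in root.findall(XRD + "Link"):
        href = link.get("href", "")
        if link.get("rel") not in OPENID_RELS:
            continue
        if urlsplit(href).scheme not in ("http", "https"):
            continue  # an OpenID 2.0 claimed id reached this way is a web URL
        if href not in found:
            found.append(href)
    return found


def bind_login(typed, candidates, op_claimed_id):
    """Decide what the RP stores after the OpenID library has verified the
    OP's assertion (op_claimed_id is assumed to be already verified).

    The account key is always what the OP returned. The typed e-mail form is
    kept as a hint only when discovery for it led to that same identifier.
    """
    hint = typed if op_claimed_id in candidates else None
    return {"account_key": op_claimed_id, "email_hint": hint}


if __name__ == "__main__":
    acct = "acct:bob@example.com"
    print(lrdd_url(HOST_META, acct))
    ids = openid_candidates(ACCOUNT_XRD, acct)
    print(ids)
    print(bind_login("bob@example.com", ids, ids[0]))
    print(bind_login("bob@example.com", ids, "http://other.example/id/9"))
```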
</body>
</html>