[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] HXRI as OpenID
This is related to issue #41 on the wiki which we just closed: <http://wiki.oasis-open.org/xri/Xri2Cd02/ResWorkingDraft11#head-b343e4adf430b88a15d8e1cceb581fa65c573719> I had originally proposed to make the Accept header play the singular role of being the Resolution Media Type (_xrd_r), but was somehow convinced that it should be Service Media Type. Now I'm back but can't quite remember what was the argument for it. Drummond, Les, Markus? My arguments for *not* using it as a Service Media Type is that I personally think Service Media Type is a lesser-used feature of service selection. XRI-aware clients can still use _xrd_m for it, while non XRI-aware clients will probably send fairly generic media types anyway. IF the Accept header was actually the resolution media type (_xrd_r) or even the way it is defined today, Yadis client will generally send "Accept: application/xrds+xml" to the HXRI proxy, which will then interpret that as _xrd_r=application/xrds+xml;sep=false;ref=true It will then perform resolution and then does service selection and returns the XRDS document (which may contain a non-success status code but I don't think Yadis client looks at it.) This way, it should work, no? =wil Gabe Wachob wrote: > > Let me ask you this: are both approaches XRI Resolution compliant? I > really don’t like #2 because it forces users to do something new (ie > add “openid.” At the beginning) **and**, technically speaking, the > identifier is no longer an HXRI. > > I’d especially prefer Markus’ solution if it were still compliant with > XRI Resolution. > > -Gabe > > ------------------------------------------------------------------------ > > *From:* Drummond Reed [mailto:drummond.reed@cordance.net] > *Sent:* Tuesday, April 24, 2007 11:43 PM > *To:* 'Gabe Wachob'; 'Markus Sabadello'; xri@lists.oasis-open.org > *Cc:* andy.dale@ootao.com; 'Victor Grey' > *Subject:* RE: [xri] HXRI as OpenID > > Markus, Gabe: > > Both suggestions have serious merit. Neither is perfect, but given > that we are working the Yadis requirements into XRI Resolution 2.0 > Working Draft 11 as we went over last week, we need to provide a clear > answer as to how XRIs in HXRI format can work with any version of OpenID. > > The openid.xri.net special-proxy-address option was the one I > discussed at breakfast last week – I don’t think its very “hacky” > since all it involves is using a known “special proxy” to modify the > HXRI to produce an OpenID-compliant proxy request to xri.net. However > Markus’s suggestion bears serious scrutiny as it doesn’t require > i-name users to learn anything new other than what they already know > about how to use their i-name as a URL (i.e., put “xri.net/” in front > of it). > > Others on the TC: which you prefer of these two solutions to the issue > of how i-names can be made compatible with any OpenID Relying Party, > even if they don’t have direct XRI support? Let us know by replying to > this message whether you prefer: > > 1) Modifying HXRI proxy servers to provide OpenID/Yadis-compliant > responses if no User-Agent header is present in the request. (In this > case the proxy would return both an X-XRDS-Location header and an XRDS > document.) > > 2) Using a special OpenID-enabled proxy server address such as > openid.xri.net. (In this case the special proxy would simply add the > query parameters to the HXRI to return an XRDS to the request, then > redirect the request to the normal proxy server.) > > =Drummond > > ------------------------------------------------------------------------ > > *From:* Gabe Wachob [mailto:gabe.wachob@amsoft.net] > *Sent:* Tuesday, April 24, 2007 1:00 AM > *To:* 'Markus Sabadello'; xri@lists.oasis-open.org > *Subject:* RE: [xri] HXRI as OpenID > > An even hackier solution might be to give your xri as > openid.xri.net/<yourxri> (which is NOT an HXRI – it would resolve in a > special way for ignorant OpenID 1.X RPs’). This requires user > intervention, so it’s not a really good solution. > > -Gabe > > ------------------------------------------------------------------------ > > *From:* markus.sabadello@gmail.com [mailto:markus.sabadello@gmail.com] > *On Behalf Of *Markus Sabadello > *Sent:* Tuesday, April 24, 2007 12:30 AM > *To:* xri@lists.oasis-open.org > *Subject:* [xri] HXRI as OpenID > > One more thing today.. I had an idea about the problem Drummond > mentionned during breakfast on Friday. But I am warning you, it is > very hacky... > > The problem: > Many OpenID RPs do not (yet?) support i-names. If you try to enter > your i-name in the form of an HXRI ( e.g. http://xri.net/=Drummond), > this does not work either, since the proxy selects the default SEP > from the XRD, not the Authentication SEP. > > Maybe a solution: > Modify the proxy to look at the User-Agent header. If it is not there, > the request probably comes from an OpenID RP trying to do discovery. > Both the janrain and sxip libraries do not send this header. > > There are many difficulties to be expected here. The proxy would have > to display or redirect to some page that has an appropriate <link > rel="openid.server" href="..."> element, and the Authentication > i-service would somehow have to make sure that =Drummond and > http://xri.net/=Drummond are actually treated as the same identity, > not separate ones. Maybe this can be done with OpenID delegation. > > I am not sure if this really works, it's just an idea. > > Markus >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]