Re: [xri] HXRI as OpenID

["Tan, William" <William.Tan@neustar.biz>]

This is related to issue #41 on the wiki which we just closed:

<http://wiki.oasis-open.org/xri/Xri2Cd02/ResWorkingDraft11#head-b343e4adf430b88a15d8e1cceb581fa65c573719>

I had originally proposed to make the Accept header play the singular 
role of being the Resolution Media Type (_xrd_r), but was somehow 
convinced that it should be Service Media Type. Now I'm back but can't 
quite remember what was the argument for it. Drummond, Les, Markus?

My arguments for *not* using it as a Service Media Type is that I 
personally think Service Media Type is a lesser-used feature of service 
selection. XRI-aware clients can still use _xrd_m for it, while non 
XRI-aware clients will probably send fairly generic media types anyway.


IF the Accept header was actually the resolution media type (_xrd_r) or 
even the way it is defined today, Yadis client will generally send 
"Accept: application/xrds+xml" to the HXRI proxy, which will then 
interpret that as _xrd_r=application/xrds+xml;sep=false;ref=true

It will then perform resolution and then does service selection and 
returns the XRDS document (which may contain a non-success status code 
but I don't think Yadis client looks at it.) This way, it should work, no?

=wil

Gabe Wachob wrote:
>
> Let me ask you this: are both approaches XRI Resolution compliant? I 
> really don’t like #2 because it forces users to do something new (ie 
> add “openid.” At the beginning) **and**, technically speaking, the 
> identifier is no longer an HXRI.
>
> I’d especially prefer Markus’ solution if it were still compliant with 
> XRI Resolution.
>
> -Gabe
>
> ------------------------------------------------------------------------
>
> *From:* Drummond Reed [mailto:drummond.reed@cordance.net]
> *Sent:* Tuesday, April 24, 2007 11:43 PM
> *To:* 'Gabe Wachob'; 'Markus Sabadello'; xri@lists.oasis-open.org
> *Cc:* andy.dale@ootao.com; 'Victor Grey'
> *Subject:* RE: [xri] HXRI as OpenID
>
> Markus, Gabe:
>
> Both suggestions have serious merit. Neither is perfect, but given 
> that we are working the Yadis requirements into XRI Resolution 2.0 
> Working Draft 11 as we went over last week, we need to provide a clear 
> answer as to how XRIs in HXRI format can work with any version of OpenID.
>
> The openid.xri.net special-proxy-address option was the one I 
> discussed at breakfast last week – I don’t think its very “hacky” 
> since all it involves is using a known “special proxy” to modify the 
> HXRI to produce an OpenID-compliant proxy request to xri.net. However 
> Markus’s suggestion bears serious scrutiny as it doesn’t require 
> i-name users to learn anything new other than what they already know 
> about how to use their i-name as a URL (i.e., put “xri.net/” in front 
> of it).
>
> Others on the TC: which you prefer of these two solutions to the issue 
> of how i-names can be made compatible with any OpenID Relying Party, 
> even if they don’t have direct XRI support? Let us know by replying to 
> this message whether you prefer:
>
> 1) Modifying HXRI proxy servers to provide OpenID/Yadis-compliant 
> responses if no User-Agent header is present in the request. (In this 
> case the proxy would return both an X-XRDS-Location header and an XRDS 
> document.)
>
> 2) Using a special OpenID-enabled proxy server address such as 
> openid.xri.net. (In this case the special proxy would simply add the 
> query parameters to the HXRI to return an XRDS to the request, then 
> redirect the request to the normal proxy server.)
>
> =Drummond
>
> ------------------------------------------------------------------------
>
> *From:* Gabe Wachob [mailto:gabe.wachob@amsoft.net]
> *Sent:* Tuesday, April 24, 2007 1:00 AM
> *To:* 'Markus Sabadello'; xri@lists.oasis-open.org
> *Subject:* RE: [xri] HXRI as OpenID
>
> An even hackier solution might be to give your xri as 
> openid.xri.net/<yourxri> (which is NOT an HXRI – it would resolve in a 
> special way for ignorant OpenID 1.X RPs’). This requires user 
> intervention, so it’s not a really good solution.
>
> -Gabe
>
> ------------------------------------------------------------------------
>
> *From:* markus.sabadello@gmail.com [mailto:markus.sabadello@gmail.com] 
> *On Behalf Of *Markus Sabadello
> *Sent:* Tuesday, April 24, 2007 12:30 AM
> *To:* xri@lists.oasis-open.org
> *Subject:* [xri] HXRI as OpenID
>
> One more thing today.. I had an idea about the problem Drummond 
> mentionned during breakfast on Friday. But I am warning you, it is 
> very hacky...
>
> The problem:
> Many OpenID RPs do not (yet?) support i-names. If you try to enter 
> your i-name in the form of an HXRI ( e.g. http://xri.net/=Drummond), 
> this does not work either, since the proxy selects the default SEP 
> from the XRD, not the Authentication SEP.
>
> Maybe a solution:
> Modify the proxy to look at the User-Agent header. If it is not there, 
> the request probably comes from an OpenID RP trying to do discovery. 
> Both the janrain and sxip libraries do not send this header.
>
> There are many difficulties to be expected here. The proxy would have 
> to display or redirect to some page that has an appropriate <link 
> rel="openid.server" href="..."> element, and the Authentication 
> i-service would somehow have to make sure that =Drummond and 
> http://xri.net/=Drummond are actually treated as the same identity, 
> not separate ones. Maybe this can be done with OpenID delegation.
>
> I am not sure if this really works, it's just an idea.
>
> Markus
>