Re: [xri] XRD trusted discovery workflow

["David Fuelling" <david.fuelling@cordance.net>]

On Wed, Dec 10, 2008 at 5:08 PM, Dirk Balfanz <balfanz@google.com> wrote:

As for David's comment: If I remember EAUT correctly, it's a layer before any OpenID discovery would start, and would simply transform an email address into a URL (on which then to perform discovery). In fact, it is orthogonal to OpenID - you can use EAUT to transform an email address into a URL for all sorts of purposes, only one of which is OpenID discovery.

So putting a resource map as a direct child element of <XRD> and using that to get the meta data for the email URI would be equivalent to EAUT - putting the resource map inside the <Service> element of <Type> http://specs.openid.net/auth/2.0/server would not.

Can you elaborate a bit more here?  It seems like a resource map requires a <Service> to give it any context.  For example, if I have an email address 'beth@example.com', and bootstrap that (in some form or another) to get site-meta XRD at http://example.com/site-meta, then what would the URIMap element "map" if it's not inside a <Service> element?

With EAUT, there are actually two <xrd:Type> possibilities inside of the <Service> element.  First is a "template" type, which with a corresponding URITemplate URI can be used to transform the email address to a URL directly.  The other <xrd:Type> is a "mapping" type, which allows the domain controller to delegate to a mapping service, thereby allowing individual users to specify (via that mapping service) which URL their email address should map to. 
 

Now I don't know whether equivalence with EAUT is something to strive for here...  

If we are going to address email addresses in the Discovery Bootstrapping, then I think we should consider EAUT (or something like it) over trying to define what should happen with a simple mailto:schemed URI.  Web-servers don't "do" anything with a mailto: schemed URI.  Some other mechanism is necessary to translate these URI's/email addresses into URL's, and that something probably needs to be more than just taking the "domain.tld" from an email address and trying to do discovery on that URL.

With all that said, however, are we really going to define URL mappings for every URI scheme in the XRD spec?  I doubt it.  Just thinking out loud, but should we consider calling email addresses out of scope here?  Why not let other specs figure out how to turn various URI schemes into URL's (like mailto:), and concentrate on the "URL Discovery Bootstrapping" part.

Dirk.