Choosing the right claimed identifier is hard and is critical to
get right. This should not be a hack but a properly architected solution. The
key is, what is the persistent identifier controlled by the user. I think we
have a bit of work to do before we can fully appreciate the OpenID implications
of XRD, but we are getting close.
EHL
From: sappenin@gmail.com [mailto:sappenin@gmail.com] On Behalf Of David Fuelling
Sent: Monday, December 15, 2008 8:47 PM
To: Eran Hammer-Lahav
Cc: xri@lists.oasis-open.org
Subject: Re: [xri] Quick overview of descriptor discovery flow
On Mon, Dec 15, 2008 at 9:02 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
If it wasn't clear, this replaces only the 'Yadis' portion of the current OpenID discovery flow. It means you can get from the URI the user entered to the XRD, and from there business as usual. If the RP supports email addresses, it can use the same process assuming a template is found to obtain the descriptor.
Note that this workflow does not convert the email to an http URI! All it does is provide the descriptor of any URI: http, mailto, or other. OpenID will still need to decide what to use as the actual identifier, but this suggests the claimed identifier is the mailto URI.
If OpenID wanted to stick with just URLs and XRIs, but still support email addresses, then couldn't a redirect be used? For example, bootstrap the URI 'beth@example.com' to get a /site-meta that contains the following:
<XRD>
  <Link>
    <Rel>describedby</Rel>
    <MediaType>application/xrd+xml</MediaType>
    <TemplateURI syntax="plain" vocabulary="uri">http://example.com?meta={uri}</TemplateURI>
    <site-meta:scheme>mailto http</site-meta:scheme>
  </Link>
</XRD>
The TemplateURI (http://example.com?meta={uri}) is combined with the mailto: URI (for beth) to become http://example.com?meta=mailto:beth@example.com. Dereferencing this URL could simply result in a 301/302 redirect to a new URL (http://beth.example.com) that contains Links/XRD describing beth's OpenID endpoint, and other info, with her claimed identifier being the final URL (i.e., http://beth.example.com).
Not to say it has to be that way, but it would seem to give OpenID some
flexibility in deciding what to use as a Claimed Identifier (mailto: or http:).
david
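The flow discussed in this thread, as an added example that is not part of the original messages: it expands the describedby template for the mailto URI, follows the redirect, and returns the claimed identifier under each of the two choices (the entered mailto URI or the final http URL). The namespace URI, the function names and the canned responses are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# XRD from the message above. The xmlns:site-meta declaration is an assumption
# added so the fragment parses; the original does not declare the prefix.
SITE_META = """<XRD xmlns:site-meta="urn:example:site-meta">
  <Link>
    <Rel>describedby</Rel>
    <MediaType>application/xrd+xml</MediaType>
    <TemplateURI syntax="plain" vocabulary="uri">http://example.com?meta={uri}</TemplateURI>
    <site-meta:scheme>mailto http</site-meta:scheme>
  </Link>
</XRD>"""
NS = "{urn:example:site-meta}"

# Constructed stand-in for the network: URL -> (status, Location or None).
RESPONSES = {
    "http://example.com?meta=mailto:beth@example.com": (302, "http://beth.example.com"),
    "http://beth.example.com": (200, None),
}

def descriptor_url(site_meta_xml, uri):
    """Expand the describedby template for uri; None if its scheme is not listed."""
    scheme = uri.split(":", 1)[0].lower()
    for link in ET.fromstring(site_meta_xml).iter("Link"):
        if link.findtext("Rel") != "describedby":
            continue
        if scheme not in (link.findtext(NS + "scheme") or "").split():
            continue
        template = link.find("TemplateURI")
        if template is not None and template.get("syntax") == "plain":
            return template.text.strip().replace("{uri}", uri)
    return None

def follow(url, responses, max_hops=5):
    """Follow 301/302 responses and return every URL visited, in order."""
    chain = [url]
    for _ in range(max_hops):
        status, location = responses[chain[-1]]
        if status not in (301, 302):
            return chain
        chain.append(location)
    raise RuntimeError("too many redirects")

def claimed_identifier(user_uri, policy):
    """'entered' keeps the URI as given; 'final' uses the end of the redirect chain."""
    chain = follow(descriptor_url(SITE_META, user_uri), RESPONSES)
    return user_uri if policy == "entered" else chain[-1]
```

With the "final" policy the identifier is whatever the redirect chain ends on, so the party answering the template URL decides it; with "entered" the redirect only locates the descriptor.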