[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Identical-Priority XRD "URI" Elements...
Yes extensions like PAPE use service types in that way to advertise there availability.
I however see this more like OP select which is not an extension so gets its own SEP separate from the openID 2.0.
Extensions add functionality to the authentication protocol and to this point are things that require extensions to the OP like PAPE and AX.
What you are proposing is like an extension to discovery and the RP idealy leaving the OP unmodified, if I understand you correctly.
I think you need something like:
<xrd>
<Service> <URI1>https://op1.example.com/server</URI1>
<URI2>https://op2.example.net/server</URI2>
<LocalID1>https://acct2.example.net</LocalID1>
<LocalID2>https://acct2.example.net</LocalID2>
</Service>
<Service> </Service>
<Service><URI>https://op2.example.net/server</URI><LocalID>https://acct2.example.net</LocalID>
</Service>
</xrd>
That is just a quick example you need properly name-spaced elements to extend the XRD.
You may prefer to have localID be an attribute of your replacement for URI in whatever namespace you use.
One thing I don't see in your examples is a <LocalID> element for each of the OP's.
I find it implausible that they are both going to authenticate the same claimed_id at least one needs delegation via the <LocalID> element and perhaps both.
If this is going to work with normal OPs you need to treat it as delegation.
I think this gives the user the best controll over what will happen. They may even define two multi headed configs at different priorities with different OPs in each config.
I don't see the current or proposed XRI /XRD specs precluding what I think you want to do.
=jbradley
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]