

Subject: Re: [xri] Proposed XRD schema


What puzzles me here, and why I am advocating a service-centric
pattern, is for cases where the Entity, in this case Yahoo, offers more
than one service endpoint.

Take, for example, Yahoo supporting OpenID 1.x and 2.x protocol
versions, at separate endpoints.  In your example below, how would an
XRD processor identify which endpoint supports which protocol?  E.g.,
using your pattern:

> <XRD>
>     <SubjectType>http://specs.openid.net/role/provider</SubjectType>
>     <SubjectType>http://specs.openid.net/version/2.1</SubjectType>
>     <SubjectType>http://specs.openid.net/version/1.0</SubjectType>
>     <Link>
>         <Rel>http://specs.openid.net/relation/op-endpoint</Rel>
>         <URI>http://openid.yahoo.com/auth1</URI>
>     </Link>
>     <Link>
>         <Rel>http://specs.openid.net/relation/op-endpoint</Rel>
>         <URI>http://openid.yahoo.com/auth2</URI>
>     </Link>
>
> </XRD>

Now, clearly, for the case of OpenID, the link elements may contain
distinctly identifiable properties (such as Rel).  It seems to me a
more approachable way of doing this would be:

<XRD>
	<SubjectType>::SELF</SubjectType>
	<Link>
		<Rel>http://specs.openid.net/version/2.1</Rel>
		<URI>http://openid.yahoo.com/auth2</URI>
	</Link>
	<Link>
		<Rel>http://specs.openid.net/version/1.0</Rel>
		<URI>http://openid.yahoo.com/auth1</URI>
	</Link>
</XRD>

(FWIW, I know I've not expressed this completely, but I hope the point
is made nonetheless).

Further, as we were discussing on the call last night, if Yahoo wants
to advertise:
- SAML 2.0 endpoint
- OpenID 2.1 endpoint
- OAuth endpoint

all in the same XRD, (because the subject is always http://yahoo.com/,
which is what the user will place in their XRD).

I, as a relying party, may want to perform service selection preferring
SAML over OpenID (or the other way around).

I do not see how this schema supports that scenario (which is already
in place and in use for OpenID and some SAML implementations).

=peterd

On Feb 19, 2009, at 2:57 PM, Eran Hammer-Lahav wrote:

> And openid.yahoo.com’s XRD:
>
> <XRD>
>     <SubjectType>http://specs.openid.net/role/provider</SubjectType>
>     <SubjectType>http://specs.openid.net/version/2.1</SubjectType>
>     <SubjectType>http://specs.openid.net/ext/pape/1.0</SubjectType>
>     <Link>
>         <Rel>http://specs.openid.net/relation/op-endpoint</Rel>
>         <URI>http://openid.yahoo.com/auth</URI>
>     </Link>
> </XRD>

Peter Davis: NeuStar, Inc.
Director & Distinguished Member of the Technical Staff
45980 Center Oak Plaza Sterling, VA 20166
[T] +1 571 434 5516 [E] peter.davis@neustar.biz [W] http://www.neustar.biz/ 
  [X] xri://@neustar*pdavis [X] xri://=peterd
The information contained in this e-mail message is intended only for  
the use of the recipient(s) named above and may contain confidential  
and/or privileged information. If you are not the intended recipient  
you have received this e-mail message in error and any review,  
dissemination, distribution, or copying of this message is strictly  
prohibited. If you have received this communication in error, please  
notify us immediately and delete the original message.
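
The selection problem raised in the message above, as an added example that is not part of the original post or of any XRD implementation: a relying party picks an endpoint by its preferred `Rel` and refuses to guess when the document is ambiguous. It assumes the draft element names shown in the thread, without namespaces; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed from the two XRD fragments in the message (draft element names).
SUBJECT_CENTRIC = """<XRD>
  <SubjectType>http://specs.openid.net/role/provider</SubjectType>
  <SubjectType>http://specs.openid.net/version/2.1</SubjectType>
  <SubjectType>http://specs.openid.net/version/1.0</SubjectType>
  <Link><Rel>http://specs.openid.net/relation/op-endpoint</Rel>
        <URI>http://openid.yahoo.com/auth1</URI></Link>
  <Link><Rel>http://specs.openid.net/relation/op-endpoint</Rel>
        <URI>http://openid.yahoo.com/auth2</URI></Link>
</XRD>"""

SERVICE_CENTRIC = """<XRD>
  <SubjectType>::SELF</SubjectType>
  <Link><Rel>http://specs.openid.net/version/2.1</Rel>
        <URI>http://openid.yahoo.com/auth2</URI></Link>
  <Link><Rel>http://specs.openid.net/version/1.0</Rel>
        <URI>http://openid.yahoo.com/auth1</URI></Link>
</XRD>"""

V21 = "http://specs.openid.net/version/2.1"
V10 = "http://specs.openid.net/version/1.0"
OP = "http://specs.openid.net/relation/op-endpoint"


def links_by_rel(xrd_text):
    """Map each Rel value to the list of URIs advertised under it."""
    table = {}
    for link in ET.fromstring(xrd_text).findall("Link"):
        uris = [u.text.strip() for u in link.findall("URI")]
        for rel in link.findall("Rel"):
            table.setdefault(rel.text.strip(), []).extend(uris)
    return table


def select_endpoint(xrd_text, preferred_rels):
    """Return (rel, uri) for the first preferred Rel naming exactly one URI."""
    table = links_by_rel(xrd_text)
    for rel in preferred_rels:
        uris = table.get(rel, [])
        if len(uris) == 1:
            return rel, uris[0]
        if len(uris) > 1:
            # Two endpoints under one Rel: the protocol cannot be told apart.
            raise LookupError(f"{rel} is ambiguous: {uris}")
    raise LookupError("no Link matches the relying party's preferences")
```

With the service-centric document the preference order decides the endpoint; with the subject-centric one, both links share the `op-endpoint` Rel, so the selector raises rather than pairing a version with an endpoint by guesswork.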



