OASIS Mailing List Archives

xri message


Subject: Re: [xri] Proposed XRD schema


What puzzles me here, and why I am advocating a service-centric pattern, is for cases where the Entity, in this case Yahoo, offers more than one service endpoint.

Take, for example, Yahoo supporting OpenID 1.x and 2.x protocol versions, at separate endpoints.  In your example below, how would an XRD processor identify which endpoint supports which protocol?  E.g., using your pattern:
<XRD>
    <SubjectType>http://specs.openid.net/role/provider</SubjectType>
    <SubjectType>http://specs.openid.net/version/2.1</SubjectType>
    <SubjectType>http://specs.openid.net/version/1.0</SubjectType>
    <Link>
        <Rel>http://specs.openid.net/relation/op-endpoint</Rel>
        <URI>http://openid.yahoo.com/auth1</URI>
    </Link>
    <Link>
        <Rel>http://specs.openid.net/relation/op-endpoint</Rel>
        <URI>http://openid.yahoo.com/auth2</URI>
    </Link>
</XRD>


Now, clearly, for the case of OpenID, the link elements may contain distinctly identifiable properties (such as Rel).  It seems to me a more approachable way of doing this would be:

<XRD>
    <SubjectType>::SELF</SubjectType>
    <Link>
        <Rel>http://specs.openid.net/version/2.1</Rel>
        <URI>http://openid.yahoo.com/auth2</URI>
    </Link>
    <Link>
        <Rel>http://specs.openid.net/version/1.0</Rel>
        <URI>http://openid.yahoo.com/auth1</URI>
    </Link>
</XRD>

(FWIW, I know I've not expressed this completely, but I hope the point is made nonetheless).

Further, as we were discussing on the call last night, if Yahoo wants to advertise:
- SAML 2.0 endpoint
- OpenID 2.1 endpoint
- OAuth endpoint

all in the same XRD (because the subject is always http://yahoo.com/, which is what the user will place in their XRD).

I, as a relying party, may want to perform service selection preferring SAML over OpenID (or the other way around).

I do not see how this schema supports that scenario (which is already in place and in use for OpenID and some SAML implementations).

On Feb 19, 2009, at 2:57 PM, Eran Hammer-Lahav wrote:

And openid.yahoo.com’s XRD:

<XRD>
    <SubjectType>http://specs.openid.net/role/provider</SubjectType>
    <SubjectType>http://specs.openid.net/version/2.1</SubjectType>
    <SubjectType>http://specs.openid.net/ext/pape/1.0</SubjectType>
    <Link>
        <Rel>http://specs.openid.net/relation/op-endpoint</Rel>
        <URI>http://openid.yahoo.com/auth</URI>
    </Link>
</XRD>

Peter Davis: NeuStar, Inc.
Director & Distinguished Member of the Technical Staff
45980 Center Oak Plaza Sterling, VA 20166
[T] +1 571 434 5516 [E] peter.davis@neustar.biz [W] http://www.neustar.biz/ [X] xri://@neustar*pdavis [X] xri://=peterd
