OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xri] <Link> Semantics

I see a couple of options... but I'm not sure I've seen any consensus. 
The two options I see are to use multiple <Rel> elements or multiple 
<Type> elements (or a combination of both). However, this gets to how 
much information should be in the XRD associated with the user's OpenID. 
For example, the user's XRD could just point to OpenID provider(s) and 
the service reading the XRD would need to fetch the XRD for each OP in 
order to determine which services that OP supports. This means extra 
fetches but might be the cleanest. This is what is proposed below.

XRD for the OpenID:

<XRD>
   <Expires></Expires>
   <Subject>https://user.op.example.com</Subject>
   <Type>http://specs.openid.net/personal</Type>
   <Link>
      <Rel>http://openid.net/signon/1.0</Rel>
      <URI>https://op.example.com</URI>
   </Link>
   <Link>
      <Rel>http://specs.openid.net/auth/2.0/signon</Rel>
      <URI>https://op2.example.com</URI>
      <LocalID>https://user.op2.exampe.com</LocalID>
   </Link>
</XRD>

XRD for the https://op.example.com:

<XRD>
   <Expires></Expires>
   <Subject>https://op.example.com</Subject>
   <Type>http://openid.net/extensions/sreg/1.1</Type>
   <Type>http://specs.openid.net/extensions/pape/1.0</Type>
   
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
   <Link>
      <Rel>http://openid.net/signon/1.0</Rel>
      <URI>https://op.example.com/auth</URI>
   </Link>
</XRD>

XRD for the https://op2.example.com:

<XRD>
   <Expires></Expires>
   <Subject>https://op2.example.com</Subject>
   <Type>http://openid.net/srv/ax/1.0</Type>
   <Type>http://specs.openid.net/extensions/pape/1.0</Type>
   
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
   <Link>
      <Rel>http://specs.openid.net/auth/2.0/signon</Rel>
      <URI>https://op2.example.com/auth</URI>
   </Link>
</XRD>

Please poke holes:) I'm curious as to whether others were thinking along 
the same lines. I tried to find all the correct <Type> values either 
from real XRDS files currently in use and/or the specifications 
themselves. Note that I just made up a value for the <Type> in the XRD 
for the OpenID.

Thanks,
George

Drummond Reed wrote:
>
> Although I'm too tired on a Friday night to try it myself right now, I
> played briefly with different scenarios for doing this over IM with Nat
> after yesterday's call.
>
> What I would love is if someone would contribute before the next 
> telecon two
> fully-fleshed out example XRDs in the new proposed schema
> (http://wiki.oasis-open.org/xri/XrdOne/XrdSchema) that illustrate the
> following typical OpenID scenario:
>
> 1) An OP user's XRD that references the OP's XRD and includes links for
> OpenID 1.1, and OpenID 2.0 with SREG and PAPE support.
>
> 2) The OP's XRD that describes the OP's endpoints for both services above.
>
> These examples would go a long ways towards closing this question, and 
> would
> likely serve double duty because we could use them as the basis for 
> examples
> we would use in the XRD 1.0 spec.
>
> If it's easier to just post these examples to the list, I'll volunteer to
> transcribe them to the wiki.
>
> Thanks,
>
> =Drummond
>
> > -----Original Message-----
> > From: Nat Sakimura [mailto:n-sakimura@nri.co.jp]
> > Sent: Thursday, March 12, 2009 10:18 PM
> > To: XRI TC
> > Subject: [xri] <Link> Semantics
> >
> > Hi.
> >
> > I screwed up the DST that I called in one hour late today...
> > (Hey, it is still the second week of March!)
> >
> > Anyways:
> >
> > From what I heard over a pretty noisy international telephone line,
> > I think I heard something tlike <Link> always represents a relationship
> > between
> > the resource described by the XRD (identified canonically by the
> > XRD:Subject element) and another target resource.
> >
> > My first question is: Could this target resource be oneself?
> >
> > In case of OpenID, both user and the OP has XRD.
> > User's <Link> elements describes which OP endpoints he wishes to use.
> > OP needs to express his target endpoint in his XRD somehow.
> > Traditionally, it was done in <Service>. Is it now <Link> that does 
> this?
> >
> > If that is true, we now have no <Type> inside <Link>.
> > How do we express that <Link> is representing for example OpenID 2.0 
> AuthN
> > endpoint?
> >
> > Regards,
> >
> > =nat
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail.  Follow this link to all your TCs in OASIS at:
> > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]