Subject: Re: [xri] <Link> Semantics


When you look at SREG and PAPE, it is not clear if these are properties of the endpoint or the service. I hope we can agree that they are not properties of the user’s relation to the IDP.

If an extension is a property of the service, it should be expressed as an XRD-level Type on the IDP’s XRD.

If an extension is a property of the endpoint (specifically OpenID), it should be expressed as a relation type on the endpoint’s Link. This is where the flow should be optimized over a purist approach to the architecture. According to the XRD architecture, this is the pure model:

The IDP’s XRD:

<XRD>
    <Subject>http://provider.example.org</Subject>
    <Type>http://openid.example.net/type/provider</Type>
    <Link>
        <Rel>http://openid.example.net/endpoint/auth/2.0</Rel>
        <URI>http://provider.example.org/2.0/signon</URI>
    </Link>
</XRD>

And the 2.0 endpoint’s XRD:

<XRD>
    <Subject>http://provider.example.org/2.0/signon</Subject>
    <Type>http://openid.example.net/type/endpoint/signon/2.0</Type>
    <Type>http://openid.example.net/type/ext/some_extension</Type>
</XRD>

BUT, this approach does not add any value over a single IDP’s XRD:

<XRD>
    <Subject>http://provider.example.org</Subject>
    <Type>http://openid.example.net/type/provider</Type>
    <Link>
        <Rel>http://openid.example.net/endpoint/auth/2.0</Rel>
        <Rel>http://openid.example.net/ext/some_extension</Rel>
        <URI>http://provider.example.org/2.0/signon</URI>
    </Link>
</XRD>

Because it is unlikely that the IDP will be delegating its endpoints to another service. Since the IDP has control (and full sync) across its multiple endpoints, it can be expected to manage a single XRD that reflects the properties of its various endpoints. So using a Rel instead of a Type for endpoint-level extensions is more appropriate than adding another XRD for the endpoint.

It is still consistent with the architecture because it treats the IDP as a single unit, as opposed to the User/IDP pair which is not.

EHL
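
Added example, not part of the original message: a consumer-side check in Python showing that the two-XRD "pure" model and the single-XRD model above yield the same answer for whether the 2.0 sign-on endpoint asserts `some_extension`. The `fetch_xrd` resolver and the Subject-match check are assumptions of this example; the XRDs are the ones posted above, compacted.

```python
import xml.etree.ElementTree as ET

AUTH_REL = "http://openid.example.net/endpoint/auth/2.0"
EXT_REL = "http://openid.example.net/ext/some_extension"
EXT_TYPE = "http://openid.example.net/type/ext/some_extension"
SIGNON = "http://provider.example.org/2.0/signon"

# The three XRDs from the message, compacted (no XML namespace, as posted).
PURE_IDP = f"""<XRD><Subject>http://provider.example.org</Subject>
<Type>http://openid.example.net/type/provider</Type>
<Link><Rel>{AUTH_REL}</Rel><URI>{SIGNON}</URI></Link></XRD>"""
PURE_ENDPOINT = f"""<XRD><Subject>{SIGNON}</Subject>
<Type>http://openid.example.net/type/endpoint/signon/2.0</Type>
<Type>{EXT_TYPE}</Type></XRD>"""
SINGLE_IDP = f"""<XRD><Subject>http://provider.example.org</Subject>
<Type>http://openid.example.net/type/provider</Type>
<Link><Rel>{AUTH_REL}</Rel><Rel>{EXT_REL}</Rel><URI>{SIGNON}</URI></Link></XRD>"""

def texts(node, tag):
    """Stripped text of each direct child element named `tag`."""
    return [(e.text or "").strip() for e in node.findall(tag)]

def extension_supported(idp_xml, fetch_xrd=lambda uri: None):
    """Map each auth endpoint URI in the IDP's XRD to True/False.
    fetch_xrd is a hypothetical resolver (URI -> XRD text or None) standing
    in for retrieving the endpoint's own XRD in the two-document model."""
    result = {}
    for link in ET.fromstring(idp_xml).findall("Link"):
        rels = texts(link, "Rel")
        if AUTH_REL not in rels:
            continue
        for uri in texts(link, "URI"):
            if EXT_REL in rels:
                # Single-XRD form: the extension is a Rel on the same Link.
                result[uri] = True
                continue
            # Pure form: follow the Link, read Types off the endpoint XRD.
            # Added check (assumption): its Subject must be the URI followed.
            ep_xml = fetch_xrd(uri)
            ep = ET.fromstring(ep_xml) if ep_xml else None
            result[uri] = (ep is not None
                           and texts(ep, "Subject") == [uri]
                           and EXT_TYPE in texts(ep, "Type"))
    return result

if __name__ == "__main__":
    print(extension_supported(SINGLE_IDP))
    print(extension_supported(PURE_IDP, {SIGNON: PURE_ENDPOINT}.get))
```

The single-XRD form needs one document and no second lookup; the pure form needs the endpoint XRD to be retrieved and matched to the Link's URI before its Types are used.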



On 3/13/09 8:40 PM, "Drummond Reed" <drummond.reed@cordance.net> wrote:

Although I'm too tired on a Friday night to try it myself right now, I
played briefly with different scenarios for doing this over IM with Nat
after yesterday's call.

What I would love is if someone would contribute before the next telecon two
fully-fleshed out example XRDs in the new proposed schema
(http://wiki.oasis-open.org/xri/XrdOne/XrdSchema) that illustrate the
following typical OpenID scenario:

1) An OP user's XRD that references the OP's XRD and includes links for
OpenID 1.1, and OpenID 2.0 with SREG and PAPE support.

2) The OP's XRD that describes the OP's endpoints for both services above.

These examples would go a long ways towards closing this question, and would
likely serve double duty because we could use them as the basis for examples
we would use in the XRD 1.0 spec.

If it's easier to just post these examples to the list, I'll volunteer to
transcribe them to the wiki.

Thanks,

=Drummond

> -----Original Message-----
> From: Nat Sakimura [mailto:n-sakimura@nri.co.jp]
> Sent: Thursday, March 12, 2009 10:18 PM
> To: XRI TC
> Subject: [xri] <Link> Semantics
>
> Hi.
>
> I screwed up the DST that I called in one hour late today...
> (Hey, it is still the second week of March!)
>
> Anyways:
>
> From what I heard over a pretty noisy international telephone line,
> I think I heard something like <Link> always represents a relationship
> between
> the resource described by the XRD (identified canonically by the
> XRD:Subject element) and another target resource.
>
> My first question is: Could this target resource be oneself?
>
> In the case of OpenID, both the user and the OP have an XRD.
> The user's <Link> elements describe which OP endpoints he wishes to use.
> OP needs to express his target endpoint in his XRD somehow.
> Traditionally, it was done in <Service>. Is it now <Link> that does this?
>
> If that is true, we now have no <Type> inside <Link>.
> How do we express that <Link> is representing for example OpenID 2.0 AuthN
> endpoint?
>
> Regards,
>
> =nat
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


