Re: [xri] LocalID and CanonicalID in openID blog post from today.

[John Bradley <jbradley@mac.com>]

I fixed the spelling mistake.  I am in good shape if that was the only one.

In the plaxo group we are digging into the specifics of the CID issue.  We have community authority servers in the wild allowing people to set anything they like as CID.

ie @xrid*hacker

returning

<?xml version="1.0" encoding="UTF-8"?> <XRDS ref="xri://@xrid*hacker" xmlns="xri://$xrds"> <XRD xmlns="xri://$xrd*($v*2.0)"> <Query>*xrid</Query> <Status code="100"/> <Expires>2008-02-22T18:04:11.000Z</Expires> <ProviderID>xri://@</ProviderID> <LocalID priority="10">!94BB.B642.A6F3.CD9</LocalID> <CanonicalID priority="10">@!94BB.B642.A6F3.CD9</CanonicalID> <Service priority="10"> <Type select="true">xri://$res*auth*($v*2.0)</Type> <ProviderID>xri://@xrid</ProviderID> <Path match="null"/> <MediaType>application/xrds+xml;trust=none</MediaType> <URI priority="10">http://auth.xrid.net/</URI> </Service> <Service priority="100"> <Type match="none"/> <Path match="none"/> <MediaType match="none"/> </Service> </XRD> <XRD xmlns="xri://$xrd*($v*2.0)"> <Query>*hacker</Query> <Status code="241">Requested service endpoint not found.</Status> <CanonicalID>@xrid*hacker</CanonicalID> <Service priority="10"> <Type select="true">xri://$res*auth*($v*2.0)</Type> <Path match="null"/> <MediaType>application/xrds+xml;trust=none</MediaType> <URI priority="10">http://auth.xrid.net/!278/</URI> </Service> <Service priority="1"> <Type select="true">http://specs.openid.net/auth/2.0/signon</Type> <URI append="qxri">http://www.myopenid.com/server?qxri=</URI> <LocalID>http://polyonymous.myopenid.com/</LocalID> </Service> <Service priority="5"> <Type select="true">http://openid.net/signon/1.0</Type> <URI>http://www.klever.net/openid/server</URI> <Delegate xmlns="http://openid.net/xmlns/1.0">http://hacker.klever.net/</Delegate> </Service> </XRD> </XRDS>

Yes the CID in the final XRD is @xrid*hacker. People entering there own CIDs presents interesting questions.

The discussion is towards the end of the "Thread-Safe - XRI & openID 2.0 questions" thread.

I didn't want to confuse the issue with edge cases.  

From an RP point of view every XRD MUST have a CID that passes validation,  otherwise they shouldn't be logging in.

Yes there are other use cases where not having a CID makes sense (Gabe).  

However I would like to discourage the use of CIDs that are not validate-able by the resolver.

=jbradley

On 22-Feb-08, at 8:34 AM, Markus Sabadello wrote:

Hmm cool post.. First text I read about actual applications of 2.0 resolution.

- I think according to the specification it's not really true that in XRI resolution you must always have a CanonicalID on the XRD level, but for the purpose of blogging about this topic it's probably better to say it the way you did :)

- Did you mean to say that CIDs are "non-reasonable" identifiers, or is that supposed to say "non-reassignable"?

- The idea of using the SEP LocalID for OpenID delegation is great.. I think right now implementations use <openid:Delegate>, but <LocalID> sounds much more reasonable.

- It would also be interesting to consider how EquivID and CanonicalIDEquiv would fit into this scenario.

Markus

On Thu, Feb 21, 2008 at 11:59 PM, John Bradley <jbradley@mac.com> wrote:

As promised the blog post on LocalID and CanonicalID in openID

http://thread-safe.livejournal.com/9422.html

=jbradley

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php