[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] LocalID and CanonicalID in openID blog post from today.
John, first, thanks for the blog post, and
second, yes I agree completely with you that only CanonicalIDs that meet the
verification rules in XRI Resolution 2.0 Committee Draft 02 (http://docs.oasis-open.org/xri/2.0/specs/xri-resolution-V2.0.html)
should verify. Anything else should not. =Drummond From: John Bradley
[mailto:jbradley@mac.com] Gabe your place in history is guaranteed:) I can see use cases for not having a CID. However openID isn't
one of them in my opinion. This makes it harder for me to be clear in
my recommendations to RP authors. However its not like they are going to read or understand the XRI spec
anyway. Any feedback to the question I posted on Friday to the list re this
issue? =jbradley On 23-Feb-08, at 10:49 PM, Gabe Wachob wrote:
I get the sense that
there's a set of use cases that will be named after me!!! ;) On Fri, Feb 22, 2008 at 9:19 AM, John Bradley <jbradley@mac.com> wrote: I fixed the spelling mistake. I am in good shape if that was the
only one. In the plaxo group we are digging into the specifics of the CID issue.
We have community authority servers in the wild allowing people to set
anything they like as CID. ie @xrid*hacker returning <?xml
version="1.0" encoding="UTF-8"?> <XRDS
ref="xri://@xrid*hacker" xmlns="xri://$xrds"> <XRD
xmlns="xri://$xrd*($v*2.0)"> <Query>*xrid</Query>
<Status code="100"/>
<Expires>2008-02-22T18:04:11.000Z</Expires>
<ProviderID>xri://@</ProviderID> <LocalID
priority="10">!94BB.B642.A6F3.CD9</LocalID> <CanonicalID
priority="10">@!94BB.B642.A6F3.CD9</CanonicalID> <Service
priority="10"> <Type select="true">xri://$res*auth*($v*2.0)</Type>
<ProviderID>xri://@xrid</ProviderID> <Path match="null"/>
<MediaType>application/xrds+xml;trust=none</MediaType> <URI
priority="10">http://auth.xrid.net/</URI>
</Service> <Service priority="100"> <Type
match="none"/> <Path match="none"/> <MediaType
match="none"/> </Service> </XRD> <XRD
xmlns="xri://$xrd*($v*2.0)"> <Query>*hacker</Query>
<Status code="241">Requested service endpoint not
found.</Status> <CanonicalID>@xrid*hacker</CanonicalID>
<Service priority="10"> <Type
select="true">xri://$res*auth*($v*2.0)</Type> <Path
match="null"/>
<MediaType>application/xrds+xml;trust=none</MediaType> <URI
priority="10">http://auth.xrid.net/!278/</URI> </Service>
<Service priority="1"> <Type select="true">http://specs.openid.net/auth/2.0/signon</Type>
<URI append="qxri">http://www.myopenid.com/server?qxri=</URI>
<LocalID>http://polyonymous.myopenid.com/</LocalID>
</Service> <Service priority="5"> <Type
select="true">http://openid.net/signon/1.0</Type> <URI>http://www.klever.net/openid/server</URI>
<Delegate xmlns="http://openid.net/xmlns/1.0">http://hacker.klever.net/</Delegate>
</Service> </XRD> </XRDS> Yes the CID in the final XRD is @xrid*hacker. People
entering there own CIDs presents interesting questions. The discussion is towards the end of the "Thread-Safe - XRI & openID 2.0 questions" thread. I didn't want to confuse the
issue with edge cases. From an RP point of view every
XRD MUST have a CID that passes validation, otherwise they shouldn't be
logging in. Yes there are other use cases
where not having a CID makes sense (Gabe). However I would like to
discourage the use of CIDs that are not validate-able by the
resolver. =jbradley On 22-Feb-08, at 8:34 AM, Markus Sabadello wrote:
Hmm cool post.. First
text I read about actual applications of 2.0 resolution. On Thu, Feb 21, 2008 at 11:59 PM, John Bradley <jbradley@mac.com> wrote: As promised the blog post
on LocalID and CanonicalID in openID
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]