OASIS Mailing List Archives

xri message



Subject: Re: [xri] Identical-Priority XRD "URI" Elements...


Thanks for the feedback... I don't know what I was thinking when I put out draft 1 (totally was coming at the problems backwards). I fully agree with you -- I think this needs to use delegation, and will post an updated pointer to the new draft on the OpenID lists.

Thanks!

David 

On Sun, Jan 11, 2009 at 6:43 PM, John Bradley <jbradley@mac.com> wrote:
Yes, extensions like PAPE use service types in that way to advertise their availability.

I however see this more like OP select which is not an extension so gets its own SEP separate from the OpenID 2.0.

Extensions add functionality to the authentication protocol and to this point are things that require extensions to the OP like PAPE and AX.

What you are proposing is like an extension to discovery and the RP, ideally leaving the OP unmodified, if I understand you correctly.

I think you need something like:

<xrd>
  <Service>
    <URI1>https://op1.example.com/server</URI1>
    <URI2>https://op2.example.net/server</URI2>
    <LocalID1>https://acct2.example.net</LocalID1>
    <LocalID2>https://acct2.example.net</LocalID2>
  </Service>

  <Service>  </Service>

  <Service>
    <LocalID>https://acct2.example.net</LocalID>
  </Service>
</xrd>

That is just a quick example; you need properly namespaced elements to extend the XRD.
You may prefer to have localID be an attribute of your replacement for URI in whatever namespace you use.

One thing I don't see in your examples is a <LocalID> element for each of the OPs.

I find it implausible that they are both going to authenticate the same claimed_id; at least one needs delegation via the <LocalID> element, and perhaps both.

If this is going to work with normal OPs you need to treat it as delegation.

I think this gives the user the best control over what will happen. They may even define two multi-headed configs at different priorities with different OPs in each config.

I don't see the current or proposed XRI/XRD specs precluding what I think you want to do.

=jbradley
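
The delegation point made above, as an added example that is not part of either post: a relying-party-side sketch that reads standard OpenID 2.0 Service entries, pairs each OP endpoint with its own LocalID, and keeps equal-priority entries together in one tier so the caller decides how to pick among them. The namespace and signon type strings are those of XRI Resolution 2.0 and OpenID 2.0; the sample document, the acct1.example.com and op3.example.org hosts, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import groupby

XRD_NS = "xri://$xrd*($v*2.0)"
SIGNON = "http://specs.openid.net/auth/2.0/signon"

# Constructed sample: two equal-priority OPs, each with its own delegated LocalID.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op1.example.com/server</URI>
      <LocalID>https://acct1.example.com</LocalID>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op2.example.net/server</URI>
      <LocalID>https://acct2.example.net</LocalID>
    </Service>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op3.example.org/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def _prio(elem):
    # Lower value wins; an element without a priority attribute sorts last.
    return float(elem.get("priority", "inf"))

def signon_candidates(xrds_text, claimed_id):
    """Return tiers of (op_endpoint, openid.identity), best priority first."""
    if "<!DOCTYPE" in xrds_text:  # discovery documents need no DTD; refuse entities
        raise ValueError("DTD not allowed in XRDS")
    root = ET.fromstring(xrds_text)
    q = lambda tag: "{%s}%s" % (XRD_NS, tag)
    xrd = root.findall(q("XRD"))[-1]  # the final XRD describes the identifier
    services = [s for s in xrd.findall(q("Service"))
                if SIGNON in [t.text.strip() for t in s.findall(q("Type")) if t.text]]
    tiers = []
    for _, group in groupby(sorted(services, key=_prio), key=_prio):
        tier = []
        for svc in group:
            local = svc.findtext(q("LocalID"))
            # Delegation: each OP is asked about its own LocalID, not the claimed_id.
            identity = local.strip() if local else claimed_id
            for uri in sorted(svc.findall(q("URI")), key=_prio):
                tier.append((uri.text.strip(), identity))
        tiers.append(tier)
    return tiers
```

The RP keeps the user's claimed identifier as openid.claimed_id throughout; only the openid.identity value changes with the OP chosen.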


