Sxip concerns with YADIS
dick at sxip.com
Sun Dec 18 04:05:54 UTC 2005
We spent some time looking at YADIS to see how a persona-url could
support multiple identity protocols, specifically, how could someone
have a persona-url that worked with SXIP and the protocols currently
working with YADIS.
We think that the blogosphere will likely be the source of many of
the early adopters of an identity system, and that the URL of their
blog is something they think of as being part of their identity, and
is one of their personas. The URL is a unique identifier, and we call
it a persona-url.
The persona-url points to an HTML page that contains markup that
allows an identity system to discover information about the persona.
YADIS is about allowing Relying Partys (RP) to understand what
protocol a persona-url supports.
The YADIS Capability Discovery Protocol  requires the persona-url
to return either an HTML page that contains a link (capabilities-url)
to an XRDS XML file , or an XRDS XML file
Assuming the premise that most persona-urls will point to HTML pages,
most of the time the RP will have to fetch two documents, and that
*ALL* RPs will have to have an XML parser.
- double the number of GETs for all HTML persona-urls
- XML parsers take time to load and parse a file
- the user needs control over both the pesona-url AND the
capabilities-url to secure their identity. Double the URLs, double
- all major web development platforms have high performance HTML
parsers that present the document as a DOM. XML parsing is common,
but is more complex than manipulating a DOM, and another thing for
the developer to figure out.
- getting two files requires more code, and more chances of
something being broken
We liked the way that OpenID worked earlier with a LINK tag in HTML:
<link rel="openid.server" href="http://bob.com/openid-server.app" >
We will have a LINK tag that looks something like this:
<link rel="dix-homesite" href="http://homesite.com/sxip-server.app"
class="dix:/core#1 dix://sxip.net/siple#1" >
And think that LID could have a tag like this:
<link rel="lid.capabilities" type="application/xrds+xml"
Given that most protocols will have their own ways of describing what
it can do, we don't see value in a common capability file.
More information about the yadis