Sxip concerns with YADIS

Martin Atkins mart at degeneration.co.uk
Mon Dec 19 13:46:46 UTC 2005 

Dick Hardt wrote:
> 
> On 18-Dec-05, at 11:00 AM, Josh Hoyt wrote:
> 
>>
>> Parsing HTML also takes time, and there must be support for markup
>> that is not well-formed, since a significant fraction of deployed HTML
>> is ill-formed. Since the capabilities document is small and will
>> likely be machine-generated, it is less likely to be ill-formed. Also,
>> since this is a new format, there is no legacy of ill-formed content
>> to contend with.
> 
> 
> most blogging tools produce well formed content, but there already is 
> lots of working code that deals with this. Nothing new is needed. 
> Parsing HTML is MUCH faster then parsing XML still. I have had lots 
> perf analysis done on this.

What libraries do you use to parse HTML? What makes XML so fundamentally
harder to parse than HTML anyway?

I don't doubt your conclusion, but I'm interested in hearing more
details nonetheless, as it's been my experience that there is a much
wider variety of general XML parser libraries than there are HTML parser
libraries out there.

> Also, per the spec, *ALL* Relying Parties will HAVE to be able to  parse
> the HTML, since that is an option.

It should be noted that the Perl OpenID library "parses" the HTML using
regexes, not an HTML parser.

>>
>> 3. The format allows for expressing preferences about which identity
>> services should be used. I could include SXIP, OpenID, and LID and say
>> that I prefer them to be used in that order. A relying party could
>> then respect my preferences and make my user experience more
>> consistent.
> 
> 
> Good point. A Relying Party may more likely choose it's own 
> preferences. :)
> 

I agree. It's more likely that the relying party will pick the protocol
that it has best support for. The YADIS capability document says "I can
do all of these things"; it's up to the relying party to pick which ones
are appropriate.

> 
> Current model requires *both* HTML and XML parsing. Simpler if only  one
> is needed, so make that HTML.
> 
> Allow simple declarations in HTML for simple Relying parties. Lowers 
> barrier to entry.
> 
> XML can be used for extensions for Relying Parties that want to take 
> advantage of it.
> 

While I'd like to agree with you, once the model changes to everyone
trampling separately over the LINK REL namespace, what exactly is YADIS?
If everyone's picking their own stuff to add to the HTML HEAD, then the
model is just "look at the HTML head for the stuff you support", which
is already possible and indeed widely used to discover RSS feeds and so
forth.

Of course, YADIS being superflous is a valid conclusion, and one I might
even agree with in the face of a good list of pros and cons.

More information about the yadis mailing list