Implementing a client: Where's the HOWTO?

Dan Lyke danlyke at
Thu May 19 18:23:29 PDT 2005

Stupid questions time: I'm burned out on working on 3d animation
software all day and have decided to relax by digging into some Perl
code. Yes, I am a sick puppy.

So: I have a weblog content management system[1]. I already have
several different methods of authentication, including LID(tm), but
being a "new features is better!" weenie, I obviously want to add
YADIS/OpenID logins as soon as possible.

I'm reading through the spec at
and I'm trying to understand a few things. If I get the sequence

1. I present the user with a login screen that contains, as one of its
   options, a "YADIS/OpenID" URL entry.

2. When the user presses "submit", I send a redirect to that URL with
   the following arguments appended (if the string already contains a
   "?". then they're appended with an intervening "&", otherwise it's
   a "?"):

   return_to - a URL which can contain state information about the
   user session (ie: something like

   trust_root - The URL of my site (ie: "")

   is_foaf - ? Got an example of what this is supposed to have in it?


3. Magic happens at the user's URL, and then I get a redirect back to
   the return_to URL with:


   assert_foaf - ? Some tag I need to validate in some way ?

   user_setup_url - a place I can redirect the user to if I can't make
   sense of assert_foaf. I assume that this will maintain my state
   information as mentioned in my "return_to" notes above.

4. To validate that assert_foaf, I do a GET of the user's original
   YADIS/OpenID URL, look for some FOAF autodiscovery tag, do another
   GET to retrieve that file, and... do... something.

So, my questions are:

1. What do I stock is_foaf=... with?

2. What do I do with assert_foaf?

3. What does the FOAF autodiscovery tag look like?

4. What's the extension to FOAF that I do something with to check the
   assert_foaf thingie?



[1] Available from . It's the first (and so
    far as I know, only) weblog system to have a bidirectional NNTP
    interface, LID authentication, plus all of the other usual crap.

More information about the yadis mailing list