proposal for capabilities lookup

[Martin Atkins]

Ernst Johannes wrote:
> I'm not entirely following what you are proposing. Comments in-line.
> 

I'm not proposing anything, I'm just attempting to refine the
requirements. I agree with your view that type is orthogonal to what
we're retrieving.

> 
> The OpenID case is a little different because the URL points to the 
> OpenID identity server, rather than a capabilities lookup (which does 
> not exist in OpenID). On another level, of course there is a parallel 
> -- but note that my proposal does not make things worse, does it?
> 

In normal circumstances, the URL you'd enter for OpenID points at an
HTML document which points at your identity server. In the OpenID
through YADIS case, you enter your YADIS URL which somehow ends up
pointing at a capabilities document which then serves the purpose that
the HTML document was serving in plain OpenID.

If YADIS requires two requests, then we have the following:
* Request entered YADIS URL. Get capabilities URL from either HTTP
headers or document.
* Request the capabilities URL and discover the OpenID identity server.
* If the OpenID capability declares a specific identity URL to use
rather than accepting the default of the specified YADIS URL, request
that URL and ensure that it returns an HTML document which correctly
declares a matching identity server.
* Make the request to the OpenID identity server to negotiate.

By providing a hint in that initial request, that list can be reduced by
one item, which is valuable to server implementations built in to things
such as weblog apps which would otherwise have to spend a lot of time
generating an HTML document which is going to be immediately discarded.