Namespaces in YADIS Capabilities Documents

Josh Hoyt josh at janrain.com
Sun Nov 27 23:21:17 PST 2005


Addressing just one point of your message:

On 11/27/05, Michael Graves <groupmg at gmail.com> wrote:
> The example you give argues both ways, I think. As I understand it, an OpenID
> "delegate" is just the URI one is known by for a particular OpenID server. If I
> want to log in somewhere as "http://gravesfam.com/mike/", right now I need to
> use a delegate ("http://www.livejournal.com/users/michaelgraves/") as my
> "username" for the LiveJournal server. So far, so good, that maps OK to the
> TypeKey username. But things diverge when I actually log in successfully with
> "relying party" (heh!). Depending on what the local policy of the relying party
> is, I can be represented there as either my presented YADIS ID
> (http://gravesfam.com/mike/) or as my delegated YADIS ID
> (http://www.livejournal.com/users/michaelgraves/).
>
> Now, in this case, my delegate YADIS ID and my TypeKey username are not
> practically equivalent; for example, the relying party cannot forward me to yet
> another relying party for SSO "bliss" with my TypeKey username. It can with my
> delegate YADIS ID. See the difference. That may sound like hair-splitting,
> but I think we will find that in practice, what things are semantically "the
> same" is going to be much harder to find unanimity, or even consensus on, than we
> think it may now. If that's the case, I'm inclined to relegate that issue to
> the "chaos" bucket, and let each participating service decide for itself what
> elements for various services are interchangeable and what aren't.

Perhaps I chose the wrong name for the tag that I was using as an
example, which could serve as an argument in favor of not trying to
work out the commonalities. The meaning I intended for the contents of
the <username> tag is "the identifier for this user in the service's
namespace". <identifier> or <LocalName> may be a clearer tag name. In
fact, restricting the tag to SSO is probably specifying too much. Any
service that can use something other than this particular identity URL
as an identifier for the user will need a tag with this meaning in its
service definition.

I'm not sure if I understand what you mean by one relying party
"forwarding" you to another. Can you give an example?

I think there is some consensus that whenever a relying party needs to
display a handle for a user, the identity URL and not the delegate
should be displayed. We should make a strong statement about what
YADIS relying parties display as user handles.

Josh
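As an added illustration of the two points Josh makes (a per-service tag whose content is "the identifier for this user in the service's namespace", and the rule that a relying party displays the identity URL rather than the delegate), here is a small relying-party helper. It is example code written for this page, not code from the YADIS or OpenID projects. The capabilities document, the `<LocalName>` tag (one of the names floated in the message), the namespace URIs and the server endpoint URL are all constructed for the example; only the two identity URLs come from the thread.

```python
import xml.etree.ElementTree as ET
from typing import Optional

# Hypothetical namespace URIs, constructed for this example; they are not the
# real YADIS namespaces.
CAP_NS = "http://example.org/ns/yadis-capabilities"
OPENID_NS = "http://example.org/ns/openid-service"

# Constructed capabilities document for the identity URL discussed in the
# thread. <LocalName> lives in the service's own namespace, as the message
# suggests; the endpoint URLs are placeholders.
SAMPLE_DOC = f"""<Capabilities xmlns="{CAP_NS}" xmlns:svc="{OPENID_NS}">
  <Service>
    <Type>{OPENID_NS}</Type>
    <URI>https://openid-server.example/endpoint</URI>
    <svc:LocalName>http://www.livejournal.com/users/michaelgraves/</svc:LocalName>
  </Service>
  <Service>
    <Type>http://example.org/ns/other-service</Type>
    <URI>https://other.example/endpoint</URI>
  </Service>
</Capabilities>
"""


def parse_capabilities(xml_text: str) -> list[dict]:
    """Return one dict per <Service>: its Type, URI and service-local name (or None).

    The local-name tag is resolved in the namespace named by <Type>, so each
    service defines its own meaning for "the user's identifier here"."""
    root = ET.fromstring(xml_text)
    services = []
    for svc in root.findall(f"{{{CAP_NS}}}Service"):
        type_el = svc.find(f"{{{CAP_NS}}}Type")
        uri_el = svc.find(f"{{{CAP_NS}}}URI")
        if type_el is None or uri_el is None or not type_el.text:
            continue  # malformed service entry: skip rather than guess
        svc_type = type_el.text.strip()
        local_el = svc.find(f"{{{svc_type}}}LocalName")
        services.append({
            "type": svc_type,
            "uri": uri_el.text.strip() if uri_el.text else "",
            "local_name": (local_el.text.strip()
                           if local_el is not None and local_el.text else None),
        })
    return services


def local_identifier(xml_text: str, service_type: str,
                     identity_url: str) -> Optional[str]:
    """Identifier the relying party sends to the service of the given type.

    Falls back to the identity URL itself when the service declares no local
    name, and returns None when the document advertises no such service."""
    for svc in parse_capabilities(xml_text):
        if svc["type"] == service_type:
            return svc["local_name"] or identity_url
    return None


def display_handle(identity_url: str, local_name: Optional[str]) -> str:
    """Handle shown to other users: always the identity URL, never the delegate.

    The local name is a detail of one service's namespace; the identity URL is
    the handle the user presented and is what other relying parties recognise."""
    return identity_url


if __name__ == "__main__":
    me = "http://gravesfam.com/mike/"
    delegate = local_identifier(SAMPLE_DOC, OPENID_NS, me)
    print("send to server:", delegate)
    print("show to users: ", display_handle(me, delegate))
```

Keeping the lookup keyed on the `<Type>` namespace means a second service can reuse the same tag name with its own meaning without the relying party confusing the two, which is the "namespaces" question in the subject line.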
