Proposal for an XRI (i-name) profile for OpenID

Victor Grey victor at 2idi.com
Sun Apr 2 22:10:17 UTC 2006


## Responses inline
=vg

Lukas Rosenstock wrote:
> As far as I can see the OpenID specification is correct. There is not 
> much change except the usage of a different terminology 
> (Principal/SP/IDA).
> However, as you've only changed step 2 this should be described in 
> more detail.
>
>> 2. SP uses XRI Resolution to discover the Principal's authentication 
>> service URL. If more than one authentication service URL is sent in 
>> the resolution response, the first one in priority order (as defined 
>> by XRI Resolution 2.0) should be tried first, and if that fails, the 
>> SP MAY try the others, in order.
>
> How exactly is this specified? I think it's a <Service>-block in the 
> last <XRD>-element with <Type> of http://openid.net/signon/1.0 as 
> defined by Yadis, but this should be added explicitly here.
## Yes, except I think the type would be 
<Type>xri://@xdi.org*(+authenticationService)</Type>

>>      openid.identity
>>      ## The XRI from step 1
> This is an absolute XRI, right? Like xri://=username.
## Yes, good point.

> So the only change for the OpenID server is that not only http: and 
> https: but also xri: is a valid URI scheme.
## Yes.

## Your comments made me realize that I'm assuming that an XRI resolver 
library is available to extract that authentication service URL -- I 
should make that more explicit.
## (There are several implementations of XRI resolver libraries in the 
works, including one in Ruby by me.)
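
Editor's added example, not part of the original thread and not code from any XRI resolver library: a sketch of the step 2 selection an SP would perform on a resolution response, returning the endpoints in the order to try. It assumes the Service type suggested in the reply, uses the last XRD as Lukas describes, keeps document order for equal priorities, and adds an http/https scheme check as its own precaution; the XRDS document and host names are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"  # XRD namespace in Clark notation
AUTH_TYPE = "xri://@xdi.org*(+authenticationService)"  # type suggested in the reply

# Constructed sample resolution response; hosts are placeholders.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service><Type>xri://@xdi.org*(+authenticationService)</Type>
    <URI>https://ignored.example/not-last-xrd</URI></Service></XRD>
  <XRD>
    <Service priority="20"><Type>xri://@xdi.org*(+authenticationService)</Type>
      <URI>https://backup.example/auth</URI></Service>
    <Service priority="10"><Type>xri://@xdi.org*(+authenticationService)</Type>
      <URI priority="2">https://idp.example/auth2</URI>
      <URI priority="1">https://idp.example/auth</URI>
      <URI>ftp://idp.example/auth</URI></Service>
    <Service><Type>http://other.example/type</Type>
      <URI>https://other.example/</URI></Service>
  </XRD>
</xrds:XRDS>"""

def _kids(el, name):
    return [c for c in el if c.tag == XRD_NS + name]

def _prio(el):
    # Lower number = higher priority; a missing priority sorts last.
    p = el.get("priority", "")
    return (0, int(p)) if p.isdecimal() else (1, 0)

def auth_service_urls(xrds_text, service_type=AUTH_TYPE):
    """Return the http(s) endpoints of matching services, in the order to try."""
    if "<!DOCTYPE" in xrds_text:  # refuse DTDs in an untrusted response
        raise ValueError("DTD not allowed in resolution response")
    xrds = _kids(ET.fromstring(xrds_text), "XRD")
    if not xrds:
        return []
    services = [s for s in _kids(xrds[-1], "Service")  # only the final XRD counts
                if any((t.text or "").strip() == service_type
                       for t in _kids(s, "Type"))]
    urls = []
    for svc in sorted(services, key=_prio):
        for uri in sorted(_kids(svc, "URI"), key=_prio):
            url = (uri.text or "").strip()
            parts = urlsplit(url)
            if parts.scheme in ("http", "https") and parts.netloc:
                urls.append(url)  # anything else is never handed to the browser
    return urls

if __name__ == "__main__":
    print("\n".join(auth_service_urls(SAMPLE_XRDS)))
```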


