Questions in case of multipul Types for one Service

Martin Atkins mart at degeneration.co.uk
Sat Apr 15 15:41:28 UTC 2006 

Josh Hoyt wrote:
> On 4/14/06, Johannes Ernst <jernst+lists.danga.com at netmesh.us> wrote:
> 
>>Why wouldn't you obtain the Yadis documents "on demand", i.e. when
>>you are about to try using the identity URL for something like SSO?
> 
> 
> I believe the case that he is describing is a case where you use
> services from two different providers, but want to use the same
> identifier for each of them. Something like:
> 
> http://blinkogami.com/j3h returns the following document when the
> Yadis protocol is used:
> 
> <xrds:XRDS
>     xmlns:xrds="xri://$xrds"
>     xmlns:openid="http://openid.net/xmlns/1.0"
>     xmlns="xri://$xrd*($v*2.0)">
>     <XRD>
>         <Service priority="10">
>             <Type>http://openid.net/signon/1.2</Type>
>             <URI>http://www.myopenid.com/server</URI>
>             <openid:Delegate>http://josh.myopenid.com/</openid:Delegate>
>         </Service>
> 
>         <Service priority="50">
>             <Type>http://openid.net/signon/1.2</Type>
>             <URI>http://mylid.net/j3h.</URI>
>             <openid:Delegate>http://mylid.net/j3h.</openid:Delegate>
>         </Service>
>     </XRD>
> </xrds:XRDS>
> 

Support for multiple identity providers was discussed a bit when we were
originally speccing out OpenID. In the end it wasn't included:
    <http://article.gmane.org/gmane.comp.web.openid.general/500/>

However, that was before the protocol was changed so that there is an
initial handshake between Consumer and Server before the consumer
redirects the user-agent to the Server. The problem of detecting failure
becomes easier; the only problem is if the consumer-to-server request
succeeds but the client-to-server request does not, which isn't going to
happen that often.

The other argument was cleanly pairing up servers with delegates, which
— as we can see in Josh's example above — is handled nicely by YADIS.

This might be worth revisiting now, even if it's just as simple as
OpenID's earlier "declare multiple servers and consumer decides what it
wants to do about it" approach, where the spec remains silent about
multiple services except to say that it is allowed.

More information about the yadis mailing list