Yadis and OpenID: openid.server vs X-YADIS-Location
Lukas Leander Rosenstock
webmaster at lukasrosenstock.net
Thu Mar 9 20:32:22 UTC 2006
Martin Atkins wrote:
>* Allow relying parties to do what they want and say in the OpenID spec
>that the Yadis document and the openid.server must point at the same URL
>or the behavior is undefined. This option reflects reality, since
>pre-Yadis OpenID consumers are going to look only at openid.server while
>Yadis-only OpenID consumers are going to look only at the Yadis document.
>
>
I mainly agree to this, I would state it in the spec as follows:
- OpenID URLs MUST allow discovery of their server through Yadis. For
backwards compatibility it is RECOMMENDED that they deliver an
openid.server link tag (but this is not necessary -> quick adoption of
Yadis). If they do so it MUST point to the same OpenID server which is
the most priorized URL in the Yadis Resource Descriptor.
- OpenID consumers MUST be able to discover the OpenID server URL
through Yadis. They MAY use the openid.server link tag instead of the
Yadis Resource Descriptor. They MAY also ignore any link tags and look
in the Yadis document only.
I'm currently working on an OpenID identity service provider and I've
decided to deliver the XRDS directly based upon the Accept-header,
deliver a header X-XRDS-Location, and include an openid.server link tag
but announce from the beginning that I might remove this link tag at
some point in the future to concentrate on Yadis.
Regards,
Lukas
PS: The current Yadis spec changed X-YADIS-Location to X-XRDS-Location.
More information about the yadis
mailing list