OpenID service URI and XML namespace
Martin Atkins
mart at degeneration.co.uk
Tue Dec 6 19:22:49 UTC 2005
Josh Hoyt wrote:
> Our implementation of YADIS for OpenID identity URLs uses the
> following for service URI and XML namespace:
>
> http://openid.net/services/1.0
> http://openid.net/xmlns/1.0
> defining one tag: <Delegate>, whose content is the delegate URL
>
> Can the OpenID advocates among us either bless these choices or come
> up with better alternatives?
>
> See http://josh.myopenid.com/xrds for an example of how they are used.
>
To do an OpenID request, an OpenID consumer needs the following information:
* The OpenID identity URL
* The OpenID server URL
The latter is discovered from the former, as we all know. In the YADIS
relying party case, there are two possibilities:
* The YADIS URL *is* the OpenID Identity URL, in which case the YADIS
capability definition needs to contain the OpenID server URL.
* The OpenID Identity URL is different and specified in the YADIS
capability definition. This achieves the same result as OpenID
delegation and so OpenID's own delegation mechanism is redundant to a
YADIS relying party.
Two fields are needed in the OpenID capability, then: server URL and
optional alternative OpenID identity URL. Technically these should be
mutually exclusive, but in practice it is more practical to do as OpenID
does and require the server URL even when delegation is used, avoiding
the need for the consumer (relying party) to go off and fetch the
document at the OpenID identity URL. The delegation URL should be
optional, however; in most cases, including on myopenid.com, the
delegation URL will be the same as the YADIS URL anyway.
Having a butchers at your example document this seems to cover
everything I've just rambled verbosely about, with the server URL
handled by the standard XRD "URL" element, so I guess I bless your
XML-related choices! :)
I see that the OpenID version has been absorbed into the URL; I assume
this was something that came up in the meeting, as before it was
specified as an attribute. While it's a minor point, I think I'd prefer
the capability URL (service URI?) to be <http://openid.net/signon/1.0>,
thus allowing OpenID to add other capabilities in the future while
retaining the same naming scheme.
More information about the yadis
mailing list