Implementing YADIS with no new software

Ernst Johannes at
Tue Nov 1 08:49:51 PST 2005

It's interesting to me how many people think only of
authentication/single-sign-on as a feature when they think about
digital identity. (This is a general comment but I thought I'd jump in
to outline a broader picture.)

If that feature was the only one that was of interest, I'd agree with  
you and others and say that a simple add-on to HTML HEAD was sufficient.

But if you take, for example, Doc Searls' often-repeated car-rental  
example (a variation of which I also talked about at IIW 2005 --  
slides are at ), then this points to a  
future where, among many other things, many different kinds of  
digital identity-related protocols can enable a Cluetrain-inspired  
inversion of control between people and organizations/companies and  
among people themselves. Such as: do I go to car rental websites to  
see what they have on offer and reserve a car, or do I publish what I  
need and the car rental companies come to me to make an offer  
according to what I want?

I can't find a good place right now where this use case is described
on the web (can anybody help?) but it's a bit of an eye-opener to the
impact these kinds of technologies can (will?) have. I assure you it's
much more exciting than single-sign-on ;-) but also that without
single-sign-on, it won't get very far.

In other words, authentication protocols a la OpenID, LID/SSO and  
whatever are only the very first baby step, and many are to come. One  
of the things we are trying to do with YADIS is to create a  
foundation on top of which these kinds of richer (and much more  
valuable) protocols can emerge. I let them speak for themselves, but  
I know that there are several people on this very mailing list that  
are trying to develop some of those higher-level protocols. To make
this possible, we need to build the foundation right so the
higher-level stuff can scale and lots of people can come up with lots
of cool stuff without everybody hacking yet another special case into
HTML HEAD or whatever.

Which is one of the reasons we came up with a ?meta=capabilities  
query with a "clean" format behind it. I hope this clarifies a little.



On Nov 1, 2005, at 6:10, Sam Ruby wrote:

> Martin Atkins wrote:
>> With a few changes to the discovery mechanism, I believe that it would
>> be possible to support all this YADIS business with no further
>> implementation.
>> There are two key changes:
>> * The <link> element in the retrieved HTML document, rather than being
>> required to point at an identity server, is instead specified as
>> pointing at a capability document. This doesn't really change much
>> except the terminology used.
>> * The capability declaration document (the x-meta-identity thing) is
>> extended to support the specification of a URL to use as the endpoint
>> for each declared capability.
> Why require two network interactions to simply find a server?
> Why not simply put a single link tag in for each server that you support?
>   <link rel="openid.server" href="OPENID.SERVER">
>   <link rel="lid.server"    href="LID.SERVER">
> If this ever gets to the point where it is unwieldy, then one could go
> the route of the meta-identity server:
>   <link rel="meta.server"   href="META.IDENTITY.SERVER">
> I suspect, however, that few of us will find a need for it.
> - Sam Ruby

Johannes Ernst
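
The link-tag discovery discussed in the quoted messages, as an added example that is not part of the original thread or of any YADIS, OpenID or LID code: a consumer reads the `<link>` elements from the HEAD of an identity page and checks each endpoint before using it. The names `HeadLinks` and `discover`, the sample hosts, and the validation rules (http/https only, no embedded credentials, no conflicting duplicates) are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# rel values as they appear in the thread; honouring them is the consumer's policy.
KNOWN_RELS = {"openid.server", "lid.server", "meta.server"}

class HeadLinks(HTMLParser):
    """Collect known <link rel=... href=...> elements found inside <head> only."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []  # (rel, href) pairs in document order

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = (tag == "head")  # links in body content are ignored
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            rels = (a.get("rel") or "").lower().split()
            href = (a.get("href") or "").strip()
            self.links += [(r, href) for r in rels if r in KNOWN_RELS and href]

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(identity_url, html):
    """Return ({rel: endpoint}, [(rel, href, reason)]) for one identity page."""
    parser = HeadLinks()
    parser.feed(html)
    found, rejected = {}, []
    for rel, href in parser.links:
        url = urljoin(identity_url, href)  # resolve relative hrefs
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            rejected.append((rel, href, "not an http(s) URL"))
        elif parts.username or parts.password:
            rejected.append((rel, href, "embedded credentials"))
        elif found.get(rel, url) != url:
            rejected.append((rel, href, "conflicts with earlier declaration"))
        else:
            found[rel] = url
    return found, rejected

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><head>
<link rel="openid.server" href="https://openid.example/server">
<link rel="lid.server" href="/lid">
<link rel="meta.server" href="javascript:void(0)">
</head><body><link rel="openid.server" href="https://other.example/"></body></html>"""
```

Calling `discover("https://alice.example/", SAMPLE)` returns the two accepted endpoints plus one rejected entry; the `<link>` placed in the body is never considered.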