Implementing YADIS with no new software

[Dan Libby]

On Tuesday 01 November 2005 08:20, Kurt Raschke wrote:

> I really would prefer a solution like what you or I have described
> which could be included inline in an HTML document--I really do not
> see why we need a separate document and another bandwidth hit just to
> find an identity server.  It really over-complicates things in my mind.
>
> Perhaps there should be a separate variant of the protocol for non-
> HTML documents?  The <link ...> and such would make for such an
> elegant solution in HTML documents.

Is there any reason not to put YADIS capability info in the HTTP headers? I 
realize that HTTP headers are not as accessible to the casual user as is the 
head section of an html document.  But they have other things going for them:

1) A consumer could retrieve the server info via just a HEAD request, thus 
saving everyone bandwidth.

2) they are a lot easier to parse than a nasty html document.

3) they are not tied to html, xml, rdf, or anything except http(s).

Also:

a) We are talking about YADIS, a new protocol. This should be implemented in 
identity servers, not in end-user created html pages. So I don't think 
end-user-accessibility is a big concern.

b) a GET request could still be made in the hope that it is an OpenID server.  
In this case, the YADIS http header points to the same document, which is 
already fully retrieved, and a smart client can just use that single document 
rather than re-requesting.  So it should play well with OpenID model we have 
today without requiring any new requests by the consumer. 

Basically, I'm suggesting that the returned "application/x-meta-identity" 
document in the yadis spec instead is returned in the http headers.  Further, 
the format is simplified so that we just have a list of URI's identifying SSO 
protocols. That is, version info is expected to be part of the URI.  Example:

HEAD MYID?meta=capabilities

x-yadis.capability: http://lid.netmesh.org/1.0
x-yadis.capability: http://lid.netmesh.org/2.0
x-yadis-capability: http://lid.netmesh.org/sso/1.0
x-yadis-capability: http://lid.netmesh.org/sso/2.0
x-yadis-capability: http://openid.net
x-yadis-capability: http://example.com/new/innovative/capability

---

For comparison, here is the equivalent in application/x-meta-identity format.

capability: http://lid.netmesh.org/
version: 1.0,2.0

capability: http://lid.netmesh.org/sso
version: 1.0,2.0

capability: http://openid.net
version: 1.0

capability: http://example.com/new/innovative/capability
version: 1.0beta2,1.0,2.3,9.0-12

---



-- 
Dan Libby

http://videntity.org/
 - One identity to login with them all
 - Social networking between websites and blogs