Introducing and YADIS ID Spy

Michael Graves groupmg at
Wed Nov 23 22:50:46 PST 2005


A couple of us at VeriSign have spun up a hosted site over at to
provide a workspace for code, examples, and tests of all things YADIS. It's
called  the ID Sandbox, and well, there's no home page yet (home pages are so
90s anyway), but you can get to the blog here:

That's probably as good a starting point as any. The ID Sandbox is intended to
be a shared resource for people interested in working up prototypes and moving
parts related to YADIS and OpenID (and LID, and XRI...). I chose this hosting
company becaue they have excellent support for Ruby on Rails, which is an
excellent platform for building experimental and rapidly developed web sites and
network services. TextDrive also suport PHP and most of the other popular web
platforms that run on Apache, so we're not limited to Ruby on Rails. But as
you'll see in the next few weeks, this platform is well suited for getting
working code in play quickly.

So, all are welcome to visit and use the ID Sandbox. All are invited to be a
contributor on the development side of the site too, if you have the skills and
commitment to make a contribution. If you want to become a contributor, please
email and we'll get you set up. Ideally, I'm hoping we'll be able to provide
working implementations of YADIS Discovery on Ruby on Rails, PHP, Perl, Java,
and maybe even FORTRAN if we get time. :-)

I'm also hoping the ID Sandbox can host validators, test suites and
configuration wizards that will enable users, technical and otherwise to
configure, test, and deploy YADIS IDs. 

At any rate, the first interesting widget is up and running over there as of
this evening. You can go to the YADIS ID Spy at:

And try out a YADIS ID, and see what the Server can discover about your YADIS
ID. The YADIS ID Spy first looks at the HTTP headers for your YADIS ID, then the
HTML, and if it finds a YADIS Capabilities Document (YDC) URI in either of
those, it will fetch the YDC and list the Capabilities it finds within. 

To try one that should work, you can use this YADIS ID I've setup:

You're not logging in or anything, just querying for the Capabilities asserted
by this YADIS ID. 

There are some extended documentation/notes on how the YADIS ID Spy works here:

Read that to find out more about the implementation, and how to setup your own
YADIS ID so that it can be "discoverable" by the YADIS ID Spy. As an aside, I'd
like to point out that configuring my Yahoo!-hosted URL ( to
  be YADIS-enabled was almost ridiculously quick and easy. That has to be a good
sign for YADIS. The coolest part there was that I was able to use a *one* line
PHP call to configure my URL to send the appropriate HTTP header
("yadis.capabilities").  "index.php", which is what drives the YADIS ID at needed exactly two lines of code added to get it
working for YADIS, including HTTP custom header support. 

That's Yahoo! Your mileage may vary depending on which host you use. But I do
know that a great many ISPs/hosts allow for basic PHP scripting, and if they do,
the good news is that it's a cinch to do.

Anyway, if you're interested, take the Spy for a spin and let me know what you
think. Note that this is *my* best understanding of how YADIS discovery should
be implemented. Please take it for what it is. If there are errors or needed
changes, please advise, I'd like the Spy to be as authoritative and current as
possible in rendering the spec with a real world implementation. Please see the
doc/note link above for commentary on places where my implementation may be at
odds with what was/is in the YADIS spec (per the YADIS wiki).

Happy Thanksgiving, everyone!


More information about the yadis mailing list