Proposal for an XRI (i-name) profile for OpenID
Lukas Rosenstock
inbox at lukasrosenstock.net
Sun Apr 2 20:13:11 UTC 2006
As far as I can see the OpenID specification is correct. There is not much
change except the usage of a different terminology (Principal/SP/IDA).
However, as you've only changed step 2 this should be described in more
detail.
> 2. SP uses XRI Resolution to discover the Principal's authentication
> service URL. If more than one authentication service URL is sent in the
> resolution response, the first one in priority order (as defined by XRI
> Resolution 2.0) should be tried first, and if that fails, the SP MAY try
> the others, in order.
How exactly is this specified? I think it's a <Service>-block in the last
<XRD>-element with <Type> of http://openid.net/signon/1.0 as defined by
Yadis, but this should be added explicitly here.
> openid.identity
> ## The XRI from step 1
>
This is an absolute XRI, right? Like xri://=username.
So the only change for the OpenID server is that not only http: and https:
but also xri: is a valid URI scheme.
As an aside, I think we should make some recommendations on how a login site
should look and work.
I've put some ideas here:
http://yadis.org/wiki/RelyingParty_Design_Recommendations
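
The endpoint selection discussed above, sketched as an added example (not code from this mail or from the OpenID/Yadis projects). It assumes, as the mail suggests but the proposal does not yet state, that the endpoint is a <Service> in the last <XRD> with <Type> http://openid.net/signon/1.0. The function names, the sample document, the DTD rejection and the http/https filter are assumptions added here, and equal priorities are kept in document order.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"  # XRD namespace from XRI Resolution 2.0
OPENID_TYPE = "http://openid.net/signon/1.0"  # <Type> value named in the mail

# Constructed sample resolution response; all hosts are placeholders.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service><Type>http://openid.net/signon/1.0</Type>
    <URI>https://authority.example/not-the-last-xrd</URI></Service></XRD>
  <XRD>
    <Service priority="20"><Type>http://openid.net/signon/1.0</Type>
      <URI>https://backup.example/openid</URI></Service>
    <Service priority="10"><Type>http://openid.net/signon/1.0</Type>
      <URI priority="2">https://b.idp.example/openid</URI>
      <URI priority="1">https://a.idp.example/openid</URI></Service>
    <Service priority="1"><Type>http://example.org/other</Type>
      <URI>https://other.example/</URI></Service>
    <Service><Type>http://openid.net/signon/1.0</Type>
      <URI>ftp://files.example/openid</URI></Service>
  </XRD>
</xrds:XRDS>"""

def _children(elem, name):
    return [c for c in elem if c.tag == "{%s}%s" % (XRD_NS, name)]

def _priority(elem):
    # Lower number = higher priority; a missing or malformed value sorts last.
    value = elem.get("priority", "")
    return int(value) if value.isdecimal() else float("inf")

def openid_endpoints(xrds_text):
    """Return authentication service URLs in the order an SP should try them."""
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD in XRDS document")  # blocks entity-expansion input
    xrds = _children(ET.fromstring(xrds_text), "XRD")
    if not xrds:
        return []
    services = [s for s in _children(xrds[-1], "Service")  # last <XRD> only
                if any((t.text or "").strip() == OPENID_TYPE
                       for t in _children(s, "Type"))]
    endpoints = []
    for service in sorted(services, key=_priority):  # stable: ties keep doc order
        for uri in sorted(_children(service, "URI"), key=_priority):
            url = (uri.text or "").strip()
            if url.lower().startswith(("http://", "https://")) and url not in endpoints:
                endpoints.append(url)
    return endpoints

if __name__ == "__main__":
    print(openid_endpoints(SAMPLE_XRDS))
```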