Proposal for an XRI (i-name) profile for OpenID
Victor Grey
victor at 2idi.com
Sun Apr 2 22:10:17 UTC 2006
## Responses inline
=vg
Lukas Rosenstock wrote:
> As far as I can see the OpenID specification is correct. There is not
> much change except the usage of a different terminology
> (Principal/SP/IDA).
> However, as you've only changed step 2 this should be described in
> more detail.
>
>> 2. SP uses XRI Resolution to discover the Principal's authentication
>> service URL. If more than one authentication service URL is sent in
>> the resolution response, the first one in priority order (as defined
>> by XRI Resolution 2.0) should be tried first, and if that fails, the
>> SP MAY try the others, in order.
>
> How exactly is this specified? I think it's a <Service>-block in the
> last <XRD>-element with <Type> of http://openid.net/signon/1.0 as
> defined by Yadis, but this should be added explicitly here.
## Yes, except I think the type would be
<Type>xri://@xdi.org*(+authenticationService)</Type>
>> openid.identity
>> ## The XRI from step 1
> This is an absolute XRI, right? Like xri://=username.
## Yes, good point.
> So the only change for the OpenID server is that not only http: and
> https: but also xri: is a valid URI scheme.
## Yes.
## You comments made me realize that I'm assuming that an XRI resolver
library is available to extract that authentication service URL -- I
should make that more explicit. ## (There are several implementations
of XRI resolver libraries in the works, including one in Ruby by me.)
More information about the yadis
mailing list