Question: Yadis Service URIs in the OpenID Auth case

Johannes Ernst at
Thu Aug 24 00:54:17 UTC 2006

Assume I'm doing Yadis discovery in the context of OpenID  
Authentication. I'm finding a Yadis file that specifies OpenID Auth  
as a service type, and lists 2 service URIs for that service type  
(version the same and all, but different priorities)

Am I correct that it would be false to assume that:
  - the two service URIs reside on the same server;
  - are maintained by the same organization;
  - use the same negotiated D-H secret (aka I negotiate with one  
service URI, but successfully use it with the other), even if they  
are very similar URIs.

In other words, if as a relying party, I usually pick the higher- 
priority service URI listed in the file, and do the OpenID Auth thing  
successfully, but if that first server goes down, and I suddenly have  
to use the second service URI because the first one is unavailable, I  
first have to negotiate a D-H secret with that service endpoint  
because I have never used that one before.

Please speak up if you think I'm wrong.

Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
Url :
-------------- next part --------------

More information about the yadis mailing list