Question: Yadis Service URIs in the OpenID Auth case

David Fuelling sappenin at
Thu Aug 24 14:30:13 UTC 2006

> -----Original Message-----
> From: yadis-bounces at [mailto:yadis-bounces at]
> On Behalf Of Johannes Ernst
> Sent: Wednesday, August 23, 2006 8:54 PM
> To: OpenID Discussion
> Subject: Question: Yadis Service URIs in the OpenID Auth case
> Assume I'm doing Yadis discovery in the context of OpenID
> Authentication. I'm finding a Yadis file that specifies OpenID Auth
> as a service type, and lists 2 service URIs for that service type
> (version the same and all, but different priorities)
> Am I correct that it would be false to assume that:
>   - the two service URIs reside on the same server;
>   - are maintained by the same organization;
>   - use the same negotiated D-H secret (aka I negotiate with one
> service URI, but successfully use it with the other), even if they
> are very similar URIs.

[df]  Is there something inherent to OpenID that mandates your 3
assumptions?  If an organization is advertising a single Yadis <service>
that has 2 different URI's (version the same, except different priorities),
shouldn't we assume that the 2 URI's DO actually point to the same service?
If not, then why even use the priority attribute -- instead it would seem to
make sense to put the two URI's into separate <Services>.

In addition, whether each Service URI points to the same server (physically)
or is maintained by the same organization seems to be a moot point, so long
as all of the servers in a given "service" are talking to each other,
provide the same underlying functionality, and thus use the same D-H

Does OpenId place some assumptions/restrictions onto Yadis that I'm not
aware of?  Or, am I conceiving of how Yadis works in the wrong way?


More information about the yadis mailing list