Question: Yadis Service URIs in the OpenID Auth case

Drummond Reed drummond.reed at cordance.net
Thu Aug 24 19:22:08 UTC 2006


To slightly tweak Kevin's feedback, I think Johannes's assumption #2 (that
the URIs are maintained by the same organization) is 100% valid if a
non-empty ProviderID element is present in the service endpoint (SEP).

The ProviderID value is the only SEP element with a cardinality of
zero-or-one, so all the URIs in a SEP are associated with only one provider.
This is important because if the ProviderID value is itself resolvable to an
XRDS describing the Provider, it makes it easy to discover ProviderID
metadata that applies to all their SEPs.

If the SEP has no ProviderID value, there's nothing technically to prevent
different URIs in the SEP from going to different service providers, but
it's clearly not a good practice.

=Drummond 

-----Original Message-----
From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com]
On Behalf Of Kevin Turner
Sent: Thursday, August 24, 2006 12:04 PM
To: yadis at lists.danga.com
Subject: Re: Question: Yadis Service URIs in the OpenID Auth case

On Wed, 2006-08-23 at 17:54 -0700, Johannes Ernst wrote:
> Am I correct that it would be false to assume that:
>   - the two service URIs reside on the same server;
>   - are maintained by the same organization;
>   - use the same negotiated D-H secret (aka I negotiate with one  
> service URI, but successfully use it with the other), even if they  
> are very similar URIs.

I think you are correct; none of those are 100% safe assumptions to
make.  Some of those might be sane conventions to establish, i.e. 
"everything under a single Service tag is maintained by one provider,"
but I don't think we can count on that.  And even if you could count on
that one, the other two wouldn't necessarily follow.
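
An added example, not part of either message above: a relying-party-side sketch in Python that treats a Service element's URIs as same-provider only when a non-empty ProviderID is present, and keeps each negotiated association under the exact URI it was made with. The XRDS document, the hostnames, and the names `service_endpoints`, `same_provider_asserted` and `AssociationStore` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XRDS, a hardened parser such as defusedxml is preferable

XRD_NS = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace used by Yadis documents

# Constructed sample: one Service (SEP) with two URIs and a ProviderID,
# and one with two URIs and no ProviderID.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://openid.net/signon/1.0</Type>
      <ProviderID>https://provider.example/</ProviderID>
      <URI>https://a.provider.example/openid</URI>
      <URI>https://b.provider.example/openid</URI>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://one.example/openid</URI>
      <URI>https://two.example/openid</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def service_endpoints(xrds_text):
    """Return one dict per Service element: its URIs and ProviderID (or None)."""
    seps = []
    for svc in ET.fromstring(xrds_text).iter(XRD_NS + "Service"):
        pid = (svc.findtext(XRD_NS + "ProviderID") or "").strip() or None
        uris = [u.text.strip() for u in svc.findall(XRD_NS + "URI") if u.text]
        seps.append({"provider_id": pid, "uris": uris})
    return seps

def same_provider_asserted(sep):
    """True only when the SEP carries a non-empty ProviderID."""
    return sep["provider_id"] is not None

class AssociationStore:
    """Keeps each negotiated association under the exact URI it was made with."""
    def __init__(self):
        self._by_uri = {}

    def put(self, uri, handle, secret):
        self._by_uri[uri] = (handle, secret)

    def get(self, uri):
        # No fallback to sibling URIs in the same SEP, with or without ProviderID.
        return self._by_uri.get(uri)
```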




