Using Yadis For Security Profile Discovery

Gabe Wachob gabe.wachob at
Thu Aug 24 23:23:47 UTC 2006

	Thats what I was suggesting when talking about advertising different
service types based on "security profile". So it sounds reasonable to me. 


> -----Original Message-----
> From: yadis-bounces at [mailto:yadis-bounces at]
> On Behalf Of Recordon, David
> Sent: Thursday, August 24, 2006 4:17 PM
> To: yadis at
> Subject: Using Yadis For Security Profile Discovery
> In talking about adding the concept of adding security profiles to
> OpenID, we run into the problem of how to express them from a discovery
> standpoint.  One idea is that we have IdPs advertise which of the
> security profiles they support via Yadis files.  As it stands the URI
> is being used, so the proposal would be URIs
> such as,,
> etc.
> So in this case, the relying party would know what security profiles the
> IdP supports before starting the authentication protocol.  Thus if the
> IdP only supports FOO and the RP requires BAR, then the RP could tell
> the user upfront that the protocol cannot succeed.  Additionally, if the
> IdP lists that it supports both FOO and BAR, the RP could pick which one
> it wants to use.  This then should remove the issue that Johannes
> brought up around degradation.
> Thoughts?

More information about the yadis mailing list