Dick's questions
Dick Hardt
dick at sxip.com
Tue Jan 31 21:27:53 UTC 2006
Hey Johannes
Sorry to take so long getting back to you. I have pasted in the copy
from the Wiki in with comments inserted inline.
-- Dick
> Why is YADIS needed? Can't the same functionality be done just with
> <link..> tags?
>
> (asked by Dick Hardt)
>
> To expand on the question: OpenID uses <link..> tags in the
> HTML of the identity URL to indicate that the URL is an OpenID
> identifier, to indicate where the OpenID identity server can be
> found and which alias to use. Couldn't the same functionality that
> YADIS provides be accomplished much more easily by simply adding
> additional <link..> tags, each specifying a new capability? (let's
> call this the "link-only approach")
>
> Answer: Some of the functionality could be provided with the link-
> only approach, other functionality cannot be provided (at least not
> easily), and there are substantial downsides to this approach as
> became clear during initial YADIS discussions:
>
> * the link-only approach is limited to HTML at the identity
> URL. If a different content type was desired at the identity URL,
> an equivalent mechanism would have to be defined for each content
> type (e.g. if it is RSS, look for this tag, if it is PDF, parse PDF
> this way etc.). YADIS solves this problem through the X-YADIS-
> Location header on the HTTP protocol level.
YADIS has its own, new content type.
> * the link-only approach does not (easily) support provider-
> driven identity adoption: the provider would have to filter, and
> dynamically insert, the link tags at static HTML files they host.
In the SXIP view of the world, the provider would generate new URLs
for users to use that would map to different personas. Easy for the
provider to either generate a simple HTML page that just has the
delegation in it.
I think opaque URLs will be needed to comply with Kim's laws. I want
LOTS of URLs so that I can compartamentalize my identity. Sometimes I
will use a URL that is my blog, but lots of time I won't want to use it.
> * YADIS supports both provider-driven identity adoption and
> user-driven identity adoption
so would an HTML method, and is simpler and easier
> * we expect the number of capabilities to rise rapidly. For
> example, LID already knows about a dozen profiles (aka YADIS
> capabilities), and we are only at the beginning. It becomes
> practically infeasible to, say, insert a hundred additional
> <link..> tags into an HTML page.
What are these other capabilties? This was my question. What are all
these fancy new things that we need the complexity for?
> * The YADIS approach, on average, uses less bandwidth (e.g.
> search engines do not need to pull a lot of <link..> tags)
er, actually it requires two fetches if you go for the HTML first,
since you then have to get the XML. Lot of persona URLs will NOT be
blog pages.
> * HTTP Caching can be configured separately between content
> (e.g. the HTML) and identity meta-data (the YADIS information)
same with HTML
> * If a hosting provider offered identity capabilities to their
> customers, but made it optional for their customers whether they
> wanted their "home pages" to be identity-enabled or not, it is much
> easier for the hosting provider to instruct their customers to add
> a single tag to their HTML document, pointing to a provider-
> maintained YADIS capability file, than it is to ask them to track
> all the evolving capabilities with their HTML files that the host
> supports.
once again, what are all these evolving capabilities? ... are they
protocol independent?
> * <link...> tags, by their nature, can only express a very
> simple information structure, i.e. name-value pairs. The YADIS
> capability file, on the other hand, is a full-fledged XML file that
> can be extended with only few restrictions. That way, YADIS
> capability files can express much richer meta-data about identity
> capabilities than one could hope to express with <link...> tags.
> For example, YADIS can express that a capability supports multiple
> types at the same URL; this would be very hard to express with
> <link..> tags only
but if that is all you need, then why make it more complex?
> * another example for richer meta-data would be YADIS's ability
> to express preferences between capabilities (e.g. "this identity
> URL can do both OpenID authentication and LID SSO; I prefer
> RelyingParties to use this one, but they can use the other if they
> must")
I think this is something the user will likely want to do and have it
managed by an agent, rather then have it static leading to the SXIP
model where the Relying Party sends the user to their Homesite / IdP
and *then* the user selects the URL that they want used to identify
themselves at the site.
On 11-Jan-06, at 9:53 AM, Johannes Ernst wrote:
> I have added an FAQ and two new pages on the wiki. This is rough --
> feel free to improve -- and to disagree of course ;-)
>
> http://yadis.org/wiki/YADIS_FAQ (last question on page)
> http://yadis.org/wiki/Provider-driven_identity_adoption
> http://yadis.org/wiki/User-driven_identity_adoption
>
>
>
More information about the yadis
mailing list