Typo section 8

2007-07-28 Thread Eran Hammer-Lahav 
Small typo in section 8 or draft 11:

 

An association between the Relaying Parry and.

 

I assume its Relaying Party.

 

 

=eran

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: Differentiating between User Identifier and OP Identifier

2007-07-28 Thread Eran Hammer-Lahav 
Thanks Johnny!

It makes more sense now. Here are some further comments:

I started to rewrite section 7 to make it easier to read but as I was going
through it again and again, it became clearer. I think while all the terms
are properly explained elsewhere, it might help to repeat some of them (like
the two kinds of identifiers the user can provide) within the text. Here are
some more specific comments and questions (I am not sure what's the process
of suggesting changes to the draft). Obviously this is all meant as a
suggestion so I will refrain from prefixing each comments with I would like
to suggest (this might sound like a silly thing to say, but I really
respect the work done by this group and would not want to offend anyone
coming off too aggressive with instructions).

Section 7.3.1:

If more than one set of the following information has been discovered, the
precedence rules defined in [XRI_Resolution_2.0] are to be applied.

This somewhat confusing when combined with section 7.3.2.2:

Once the Relaying Party has obtained an XRDS document, is MUST first search
the document (following the rules described in [XRI_Resolution_2.0]) for an
OP Identifier Element.

My confusion comes from the fact the spec is not clear about what makes a
valid XRDS document used for OpenID discovery. In this case, it sounds like
an XRDS document MUST no include both an OP Endpoint element and a Claimed
Identifier element. If it has both, and the Claimed Identifier Service
Element has a higher priority, what does that mean?

Remove section 7.3.2.2 and move its content to the end of 7.3.2. It makes a
better introduction to the two possible elements and their relationship.

Section 7.3.2.3 is confusing:
1. Does it only apply to XRI identifiers, not to XRDS documents found during
Yadis discovery?
2. It seems to only apply to Claimed Identifier Element - maybe it should
merge into section 7.3.2.1.2?
3. It would be helpful to explain or reference how the RP can confirm the
authorities listed in the 2nd paragraph. I read a couple of long threads on
this list regarding this, but did not see a resolution.
4. The first line of the third paragraph is not needed.
5. The section briefly explains the CanonicalID tag, but not the
ProviderID tag. A one line context of the ProviderID tag would help.
6. Last line is confusing. Where would a CanonicalID come from if using a
URL identifier? This entire section is under XRDS discovery. Does it refer
to the URL used in a Yadis discovery (I assume not)?

Section 7.3.2.4 says ...no longer used... but it is not clean where was it
used before? The only spec I read prior this this one was the OpenID 1.1
which does not make use of XRDS documents.

Move the first paragraph of section 7.3.3 to the end of section 7.3.1. It
will explain which discovery process is used for each of the possible
identity types. Also, from HTML-Based discovery MUST be supported by
Relaying Parties is sounds like XRDS discovery is not required. If this is
true, it should be made much clearer and provide guidelines of the proper
reply to the user when the RP only supports HTML discovery.

Thanks,

=eran


___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: Using XRI Proxy Resolvers in OpenID discovery

2007-07-28 Thread Pádraic Brady 
Hi Eran,

Not sure I follow what the question is?

Should one use a proxy? Yes. Since it's unlikely any platform will support XRI 
resolution natively. Should the proxy be used to grab an XRDS document? Yes, if 
possible, and don't forget about the Accept: application/xrds+xml header 
which a server may use to serve up such a document immediately. Parsing such a 
document is not necessarily complex though - I found after implementing it in 
PHP using SimpleXML that it's a lot less complex than the specification would 
suggest.

I think it's a good idea to grab ALL the XRDS, and not just look for an OpenID 
1.1/1.0 sub-element. In the case of failure to locate OpenID 1.1, you then have 
the full document to see if it's only offering 2.0 (signon/server).

Given you need a full parsing ability, the first option seems to make the most 
sense. Get as much as possible upfront to avoid any second/third HTTP requests 
to the User/OP. It's more efficient this way I think - if you are using 
caching, XRDS lookups shouldn't occur on each and every OpenID authentication 
process anyway.

Regards,
Pádraic

 
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com


- Original Message 
From: Eran Hammer-Lahav [EMAIL PROTECTED]
To: specs@openid.net
Sent: Saturday, July 28, 2007 6:21:30 PM
Subject: Using XRI Proxy Resolvers in OpenID discovery




 
 

!--
 _filtered {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
 _filtered {font-family:Tahoma;panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal

{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:Calibri, 
sans-serif;}
a:link, span.MsoHyperlink
{color:blue;text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{margin:0in;margin-bottom:.0001pt;font-size:8.0pt;font-family:Tahoma, 
sans-serif;}
span.EmailStyle17
{font-family:Calibri, sans-serif;color:windowtext;}
span.BalloonTextChar
{font-family:Tahoma, sans-serif;}
.MsoChpDefault
{}
 _filtered {margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{}
--






The specification makes a suggestion (section 7.3 bullet 1)
to use a proxy for XRI resolution instead of implementing the XRI resolution
protocol in the Relaying Party. I am not clear as to what extent can / should 
the
proxy be used for. For example, it can be used to turn ‘=eran’ into
an XRDS document:
 

  
 

http://xri.net/=eran?_xrd_r=application/xrds+xml
 

  
 

Or it can be used to retrieve an OpenID 1.0 service (BTW,
this does not work at xri.net) and save some effort in parsing an XRDS file:
 

  
 

http://xri.freexri.com/=eran?_xrd_r=application/xrd+xml_xrd_t=http%3a%2f%2fopenid.net%2fsignon%2f1.0
 

  
 

And last, it can be used to avoid XRI and XRDS altogether
(which I doubt is the intention –but one which might be suggested to RP
not implementing XRI if it is indeed optional):
 

  
 

http://xri.net/=eran
 

  
 

Which will redirect to an HTML page with OpenID tags
(assuming the RP doesn’t implement Yadis either).
 

  
 

However, when using the Yadis, the RP still has to have all
the logic of parsing a full XRDS file which can have multiple XRD elements,
multiple services with priority, and multiple URIs with priority (and append
instructions). Does that mean that proxies should only be used for the first
option?
 

  
 

=eran
 










   

Building a website is a piece of cake. Yahoo! Small Business gives you all the 
tools to get online.
http://smallbusiness.yahoo.com/webhosting ___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: Using XRI Proxy Resolvers in OpenID discovery

2007-07-28 Thread Eran Hammer-Lahav 
Thanks Pádraic,

 

My question was in reference to the suggestion in the specification to use
an XRI proxy and how it might relate to Relaying Party not implementing any
XRI or Yadis support. The spec requires HTML discovery but not the other
two, but users are expected to try their XRI identities not knowing what the
RP will support.

 

In other words, does the spec (or this group) support the idea of using an
XRI proxy to convert an XRI to an HTML page via redirection to the XRI
default page (XRI Resolution 2.0 section 7.6)? If the RP does not implement
XRI (assuming the language of section 7.3.3 remains unchanged), should the
spec recommend at least using an XRI proxy to fetch the default HTML page?

 

EHL

Ps. You don’t have to use Accept: application/xrds+xml if you use query
parameter _rds_r=application/xrds+xml

 

 

From: Pádraic Brady [mailto:[EMAIL PROTECTED] 
Sent: Saturday, July 28, 2007 7:53 PM
To: Eran Hammer-Lahav
Cc: specs@openid.net
Subject: Re: Using XRI Proxy Resolvers in OpenID discovery

 

Hi Eran,

Not sure I follow what the question is?

Should one use a proxy? Yes. Since it's unlikely any platform will support
XRI resolution natively. Should the proxy be used to grab an XRDS document?
Yes, if possible, and don't forget about the Accept: application/xrds+xml
header which a server may use to serve up such a document immediately.
Parsing such a document is not necessarily complex though - I found after
implementing it in PHP using SimpleXML that it's a lot less complex than the
specification would suggest.

I think it's a good idea to grab ALL the XRDS, and not just look for an
OpenID 1.1/1.0 sub-element. In the case of failure to locate OpenID 1.1, you
then have the full document to see if it's only offering 2.0
(signon/server).

Given you need a full parsing ability, the first option seems to make the
most sense. Get as much as possible upfront to avoid any second/third HTTP
requests to the User/OP. It's more efficient this way I think - if you are
using caching, XRDS lookups shouldn't occur on each and every OpenID
authentication process anyway.

Regards,
Pádraic

 

Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com

 

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs