Re: Review of Yadis section in XRI Resolution 2.0 WD11
Hi Drummond, On 30-May-07, at 10:45 PM, Drummond Reed wrote: To make this new section easy to review, we've put it on the XRI TC wiki at: http://wiki.oasis-open.org/xri/XriCd02/XrdsDiscoveryFromHttpUris It's pretty short and sweet, mostly because XRDS documents and their context and usage are defined elsewhere in the spec. So this section just defines the URL-based discovery protocol, which is the meat of the Yadis 1.0 spec. The wording has been restructured slightly to fit the OASIS spec format, however the only normative change was to make the recommendation to include the application/xrds+xml Accept header in the HEAD or GET request a SHOULD instead of a MAY. It looks really nice and clean to me :-) but I spotted two issues: 1) The final GET for the XRDS document MUST have the application/xrds +xml accept header in both 8.1 and 8.2: The requesting agent MUST then request the XRDS document using an HTTP(S) GET with an Accept header specifying the content type application/xrds+xml. (I take it that the MUST applies to everything that follows in the sentence.) This does not seem to be specified in Yadis. 2) Fallback from HEAD to GET: 8.1: If the response includes neither option above, discovery of an XRDS document is not available for the target resource. Yadis 6.2.8: If the response to an HTTP HEAD request does not contain a Yadis Resource Descriptor URL, the Relying Party Agent MUST then issue an HTTP GET request to the Yadis URL. Fixing this in 8.1 may create an endless loop, since 8.1 is referenced from 8.2. So that portion in 8.2 would probably need to be revised as well. Johnny ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Review of Yadis section in XRI Resolution 2.0 WD11
On 31-May-07, at 1:45 AM, Drummond Reed wrote: To make this new section easy to review, we've put it on the XRI TC wiki at: http://wiki.oasis-open.org/xri/XriCd02/XrdsDiscoveryFromHttpUris In Section 8.2: the value of the head element whose http-equiv attribute is X- XRDS-Location Should be meta element instead of head element to match with item 3 in the preceding list. I'd actually suggest writing item 3 in the list and that sentence like this for consistency: meta element with an http-equiv attribute equal to X-XRDS-Location or meta element with an http-equiv attribute value of X-XRDS-Location -Rowan ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Review of Yadis section in XRI Resolution 2.0 WD11
Hi Drummond, I'd recommend adding a section which pulls together the HEAD and GET methods and describes how'd they be used in conjunction. Also explicitly pointing out that a URL hosting a XRDS document only is required to implement one or more of the discovery mechanisms whereas a service requesting XRDS documents must implement all of the different methods. Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drummond Reed Sent: Wednesday, May 30, 2007 10:45 PM To: 'OpenID specs list' Subject: Review of Yadis section in XRI Resolution 2.0 WD11 As discussed at IIW, the OASIS XRI TC is now moving swiftly to close and vote on the XRI Resolution 2.0 spec (which has been at the Working Draft 10 stage during the entire evolution of OpenID Authentication 2.0) so it can be referenced by OpenID Authentication 2.0 when it goes final. To that end, the first editor's draft of Working Draft 11 has been posted [1]. It's not quite content complete (all major changes have been incorporated; we're now working on the smaller stuff), so we're not asking folks to review the whole thing yet (many OpenID folks think it's too long anyway ;-). However it would be great to get feedback on the new section 8 that incorporates the Yadis protocol. Per discussions with the OpenID editors last fall, the XRI TC is including this in the XRI Resolution spec so everything about XRDS documents and their discovery is referenceable in an open public OASIS spec, even if only URLs and no XRIs are involved. To make this new section easy to review, we've put it on the XRI TC wiki at: http://wiki.oasis-open.org/xri/XriCd02/XrdsDiscoveryFromHttpUris It's pretty short and sweet, mostly because XRDS documents and their context and usage are defined elsewhere in the spec. So this section just defines the URL-based discovery protocol, which is the meat of the Yadis 1.0 spec. The wording has been restructured slightly to fit the OASIS spec format, however the only normative change was to make the recommendation to include the application/xrds+xml Accept header in the HEAD or GET request a SHOULD instead of a MAY. The XRI TC felt this was justified to encourage efficiency -- feel free to push back if you think that's the wrong call. Since only XRI TC members can write to the wiki (due to OASIS IPR rules), please post any feedback here on the specs list and we'll reflect it on the wiki page as quickly as we can (I myself will be offline in meetings tomorrow but back online tomorrow night). Thanks, =Drummond [1] http://www.oasis-open.org/committees/download.php/24096/xri-resolution-v 2.0- wd-11-ed-01.doc ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Review of Yadis section in XRI Resolution 2.0 WD11
On 31-May-07, at 5:34 PM, Recordon, David wrote: I'd recommend adding a section which pulls together the HEAD and GET methods and describes how'd they be used in conjunction. In the interest of keeping it light and simple to process, I believe it would be enough to make this explicit just before 8.1 by saying that any of the two protocols MAY be attempted by an RP (plus fixing the fallback from HEAD to GET). Also explicitly pointing out that a URL hosting a XRDS document only is required to implement one or more of the discovery mechanisms Not one or more; GET is REQUIRED, HEAD is OPTIONAL in Yadis. This too can be specified inline in sections 8.1 / 8.2. whereas a service requesting XRDS documents must implement all of the different methods. An RP may choose to only do GET and not care about the more efficient (but optional on the server side) HEAD. Johnny ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Review of Yadis section in XRI Resolution 2.0 WD11
Johnny, David, Rowan: Thanks much for the excellent feedback. I'm tied up in meetings through tomorrow but by Monday I'll make the suggested updates and roll this into the second editor's draft of XRI Resolution 2.0 Working Draft 11, which we aim to post by next Wednesday. =Drummond -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Thursday, May 31, 2007 7:52 PM To: Recordon, David Cc: Drummond Reed; OpenID specs list Subject: Re: Review of Yadis section in XRI Resolution 2.0 WD11 On 31-May-07, at 5:34 PM, Recordon, David wrote: I'd recommend adding a section which pulls together the HEAD and GET methods and describes how'd they be used in conjunction. In the interest of keeping it light and simple to process, I believe it would be enough to make this explicit just before 8.1 by saying that any of the two protocols MAY be attempted by an RP (plus fixing the fallback from HEAD to GET). Also explicitly pointing out that a URL hosting a XRDS document only is required to implement one or more of the discovery mechanisms Not one or more; GET is REQUIRED, HEAD is OPTIONAL in Yadis. This too can be specified inline in sections 8.1 / 8.2. whereas a service requesting XRDS documents must implement all of the different methods. An RP may choose to only do GET and not care about the more efficient (but optional on the server side) HEAD. Johnny ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Review of Yadis section in XRI Resolution 2.0 WD11
As discussed at IIW, the OASIS XRI TC is now moving swiftly to close and vote on the XRI Resolution 2.0 spec (which has been at the Working Draft 10 stage during the entire evolution of OpenID Authentication 2.0) so it can be referenced by OpenID Authentication 2.0 when it goes final. To that end, the first editor's draft of Working Draft 11 has been posted [1]. It's not quite content complete (all major changes have been incorporated; we're now working on the smaller stuff), so we're not asking folks to review the whole thing yet (many OpenID folks think it's too long anyway ;-). However it would be great to get feedback on the new section 8 that incorporates the Yadis protocol. Per discussions with the OpenID editors last fall, the XRI TC is including this in the XRI Resolution spec so everything about XRDS documents and their discovery is referenceable in an open public OASIS spec, even if only URLs and no XRIs are involved. To make this new section easy to review, we've put it on the XRI TC wiki at: http://wiki.oasis-open.org/xri/XriCd02/XrdsDiscoveryFromHttpUris It's pretty short and sweet, mostly because XRDS documents and their context and usage are defined elsewhere in the spec. So this section just defines the URL-based discovery protocol, which is the meat of the Yadis 1.0 spec. The wording has been restructured slightly to fit the OASIS spec format, however the only normative change was to make the recommendation to include the application/xrds+xml Accept header in the HEAD or GET request a SHOULD instead of a MAY. The XRI TC felt this was justified to encourage efficiency -- feel free to push back if you think that's the wrong call. Since only XRI TC members can write to the wiki (due to OASIS IPR rules), please post any feedback here on the specs list and we'll reflect it on the wiki page as quickly as we can (I myself will be offline in meetings tomorrow but back online tomorrow night). Thanks, =Drummond [1] http://www.oasis-open.org/committees/download.php/24096/xri-resolution-v2.0- wd-11-ed-01.doc ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
