>>> John Panzer wrote: >>> >>> Has there been a discussion about an extension to map to/from i- >>> numbers >>> via AX? If there were a generic attribute you could stuff an i- >>> number >>> or a hash of an internal ID in there to help solve the disambiguation >>> problem. Alternatively it'd be nice to have a way to ask when the >>> account was created, if the OP is amenable. >>> >> Martin Atkins wrote >> >> If you're going to use i-numbers, then there's no reason at all not to >> use the XRD CanonicalID element. The same mechanism that's used to map >> i-names onto i-numbers can also be used to map URLs onto i-numbers, or >> URLs onto other URLs. >> >> I'm sure Drummond can talk in more detail about this. We did >> discuss it >> briefly at IIW, but once the majority had decided that the fragment >> approach was the way to go we didn't get a chance to investigate this >> further. > >Johnny Bufu wrote; > >We did look at this (with Drummond) in December. The bottom line is >that it can't be done easily - a mechanism similar to XRI's canonical >ID verification would have to be employed, to confirm that the i- >number actually 'belongs' to the URL on which discovery was >initiated. (Otherwise anyone could put any i-number in their URL- >based XRDS files.)
Johnny: Martin, Gabe, and I discussed this at IIW, and the CanonicalID verification process that's specified in the XRI Resolution 2.0 Working Draft 11 specification (of which the first editor's draft has now been posted - see below) could be applied even if the XRDS was discovered via a URL. To do this, RP code would need to confirm the CanonicalID i-number was authoritative for the XRDS, which is essentially the same process the RP has to go through anyway when the OP returns a different identifier than the one the user originally entered at the RP (such as in the directed identity flow). In the first editor's draft of WD11, we only specified Canonical ID verification when an XRDS was discovered from an XRI. But in the second editor's draft (due early next week), we could add text specifying how to do Canonical ID verification when the XRDS is discovered from a URL. Although it's not yet content complete, you can review the Canonical ID verification section (section 11) as well as the Yadis section (section 8) in the first editor's draft of WD11 at: http://www.oasis-open.org/committees/download.php/24096/xri-resolution-v2.0- wd-11-ed-01.doc To make it easier to review, we've also posted section 8 (the Yadis section) as a wiki page on the XRI TC wiki. See my next message about that. =Drummond _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs