>> Johnny Bufu wrote:
>> We did look at this (with Drummond) in December. The bottom line is  
>> that it can't be done easily - a mechanism similar to XRI's canonical  
>> ID verification would have to be employed, to confirm that the i- 
>> number actually 'belongs' to the URL on which discovery was  
>> initiated. (Otherwise anyone could put any i-number in their URL- 
>> based XRDS files.)
>Martin Atkins wrote:
>Indeed, CanonicalID verification would be necessary, but it's already 
>necessary if you want to accept XRI-based logins anyway.
>Last time we were talking about this CanonicalID verification for XRI 
>was not yet specified. Is it now specified somewhere?

Martin, it's been specified in draft form since last October on the XRI TC
wiki at:


The content there was moved week before last into the first editor's draft
of XRI Resolution 2.0 Working Draft 11 at:


The new Canonical ID Verification section is #11. Note that the verification
rules currently only cover if the XRDS is discovered from an XRI. In the
second editor's draft, due this Wednesday, we will add rules for
verification if the XRDS is discovered from a URL.


specs mailing list

Reply via email to