This blog can't be viewed on LiveJournal. Instead see http://www.apparently.me.uk/6272.html.

The relationship between OpenID and i-names

5th Mar 2007

I would appreciate an explanation of the relationship between OpenID and i-names”, writes Andrew.

I think the best way to start to tackle this question is to explain what both are. OpenID, as many people are coming to realise, is a protocol for decentralized authentication. It uses URIs as its identifiers, which means that everyone who wishes to use OpenID has a URI of some sort representing them. For most people this comes in the form of an HTTP URL, such as one provided by myopenid.com.

However, HTTP URLs aren't the only kind of URI. In principle OpenID can use any kind of URI as an identifier, but in practice it needs to be a URI on which discovery can be performed. Discovery is the process of taking an identifier and figuring out which OpenID Provider is responsible for it. The process of doing discovery on HTTP URLs in OpenID 1.1 is to do a GET request on the URL and, if the response is HTML, look for a particular LINK element. In OpenID 2, we use a protocol called Yadis, which is a slightly more elaborate discovery protocol for HTTP URLs that results in an XML document containing the necessary information.

An i-name is a particular kind of “Extensible Resource Identifier”, or XRI. You can spot an i-name because it usually starts with either an equals sign or an at sign. XRIs can also be expressed as URIs; my i-name as a full URI is xri://=mart, but you don't generally write the protocol on the front because it looks neater that way. The OpenID specification defines a discovery protocol for XRIs as well, so XRIs (and therefore i-names) can be used as OpenID identifiers.

So now let's see if I can express this succintly: OpenID is the authentication technology which uses URIs as user identifiers, and HTTP and XRI are two URL schemes for which an identifier discovery mechanism is defined.

Work is currently underway to modularize the OpenID Authentication 2.0 specification so that discovery and authentication are two distinct specs, which will hopefully in the process make this relationship easier to understand.

Comments

  • (comment with no subject)

    Now, if only you could explain why i-names are so expensive.
    By ext_33966 at 08:58 pm on 5th Mar 2007
  • thank you

    Martin, That gets me rather closer. Thank you!
    Of course, it raises further issues. For example, what advantages of xri over html compensate for xri being "expensive"?
    I can see the advantage of html. It maps identity on to a web page, which can be an About page. See:
    http://changingway.org/2007/03/02/openid-is-about/
    By ext_35779 at 10:11 pm on 5th Mar 2007