Martin Atkins (mart) wrote in apparentlymart,

Modularizing OpenID Discovery

This evening I started a discussion on the OpenID Specs mailing list about removing the detailed requirements for discovery from the OpenID Auth spec and refactoring these requirements into a set of ancillary discovery specifications. Only the HTTP one would then be mandated by the OpenID Authentication spec in order to provide a common baseline.

My motivation for this is two-fold:

  • It has become obvious recently that people are somewhat overwhelmed by the size of the new Auth 2.0 spec, particularly when you include the normative references to other large specifications.
  • Some people seem keen on defining support for using other URI schemes as identifiers besides HTTP/HTTPS URLs. I don't necessarily object to this on principle, but I don't want to see the core OpenID Auth spec grow any larger as a result.

The intended result, in my opinion at least, is to arrive at a situation where casual developers only need to consider the core Auth 2.0 spec and the HTTP discovery spec, both of which will (hopefully!) be simple. The specs for XRIs, email addresses and whatever else would be optional extras to be considered later once our interested developer has grokked the basic principles.

One remaining big dependency hanging off the spec would be the reference to the XRI Resolution 2.0 specification in order to borrow the XRDS document format. I'm not sure what is best to do about this, but I do think as a starting point we should describe somewhere the subset of XRDS used for service discovery, hopefully in such a way that the main XRDS schema specification goes from being required reading to merely follow-up reading.

Tags: openid, xri, yadis
