Martin Atkins (mart) wrote in apparentlymart,
Martin Atkins
mart
apparentlymart

The relationship between OpenID and i-names

I would appreciate an explanation of the relationship between OpenID and i-names”, writes Andrew.

I think the best way to start to tackle this question is to explain what both are. OpenID, as many people are coming to realise, is a protocol for decentralized authentication. It uses URIs as its identifiers, which means that everyone who wishes to use OpenID has a URI of some sort representing them. For most people this comes in the form of an HTTP URL, such as one provided by myopenid.com.

However, HTTP URLs aren't the only kind of URI. In principle OpenID can use any kind of URI as an identifier, but in practice it needs to be a URI on which discovery can be performed. Discovery is the process of taking an identifier and figuring out which OpenID Provider is responsible for it. The process of doing discovery on HTTP URLs in OpenID 1.1 is to do a GET request on the URL and, if the response is HTML, look for a particular LINK element. In OpenID 2, we use a protocol called Yadis, which is a slightly more elaborate discovery protocol for HTTP URLs that results in an XML document containing the necessary information.

An i-name is a particular kind of “Extensible Resource Identifier”, or XRI. You can spot an i-name because it usually starts with either an equals sign or an at sign. XRIs can also be expressed as URIs; my i-name as a full URI is xri://=mart, but you don't generally write the protocol on the front because it looks neater that way. The OpenID specification defines a discovery protocol for XRIs as well, so XRIs (and therefore i-names) can be used as OpenID identifiers.

So now let's see if I can express this succintly: OpenID is the authentication technology which uses URIs as user identifiers, and HTTP and XRI are two URL schemes for which an identifier discovery mechanism is defined.

Work is currently underway to modularize the OpenID Authentication 2.0 specification so that discovery and authentication are two distinct specs, which will hopefully in the process make this relationship easier to understand.

Tags: openid, xri
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 3 comments