Iiw2008b XRDS for OpenId and Information Cards and other "Services"

From IIW
Jump to: navigation, search

We should use XRDS (Simple) to let a RelyingParty/OpenIdConsumer/Resource/Service express its needs and the services it provides.

Something along these lines is describes here http://ignisvulpis.blogspot.com/2008/10/information-cards-with-xrds.html

  • The relying party (https://xmldap.org/relyingparty/) provides a HTML LINK-rel element in the html code.
  • A browser extension finds the LINK element and downloads the XRDS document the LINK points to.
  • The browser extension looks for service types it is willing to support
  • In the case of Information Cards it retrieve the "policy" of the relyingparty
  • If the user now chooses to start the card selector the applicability of a card is governed by the RP policy.
  • After the security token has been generated it is send to the RP service endpoint listed in the XRDS document.
    This transfers the user's credentials/claims aka "security token" to the RP.

What we should agree on in this session is a set of XRDS types that are suitable for OpenId.

First here are the things for Information Cards:

What is needed for OpenId?

If these two XRDS types are accepted what is the "policy"?