XRDS for OpenID and Information Cards
From IIW
Convener & Notes-taker: Axel Nennker
Technology Discussed/Considered:
XRDS, Open ID, Information Cards
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
We should use XRDS (Simple) to let a RelyingParty/OpenIdConsumer/Resource/Service express its needs and the services it provides.
Something along these lines is described here: http://ignisvulpis.blogspot.com/2008/10/information-cards-with-xrds.html
* The relying party (https://xmldap.org/relyingparty/) provides an HTML LINK-rel element in its HTML code.
* A browser extension finds the LINK element and downloads the XRDS document the LINK points to.
* The browser extension looks for service types it is willing to support.
* In the case of Information Cards, it retrieves the "policy" of the relying party.
* If the user now chooses to start the card selector, the applicability of a card is governed by the RP policy.
* After the security token has been generated, it is sent to the RP service endpoint listed in the XRDS document. This transfers the user's credentials/claims, aka the "security token", to the RP.
What we should agree on in this session is a set of XRDS types that are suitable for OpenId.
First, here are the things for Information Cards:
* http://infocardfoundation.org/policy/1.0/login
  Describes where the policy can be retrieved. The scheme in the URI part of this service SHOULD be https.
* http://infocardfoundation.org/service/1.0/login
  Describes where the security token can be posted to. The scheme in the URI part of this service SHOULD be https.
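The lookup a browser extension would perform for the two Information Card types, as an added example (not code from the session or from xmldap.org): it parses an XRDS document, selects the services of a wanted type in priority order, and drops every endpoint that is not https. The sample document and its rp.example endpoints are constructed; treating the https SHOULD as a hard requirement and refusing a DTD are choices made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace used inside XRDS documents
POLICY_TYPE = "http://infocardfoundation.org/policy/1.0/login"
SERVICE_TYPE = "http://infocardfoundation.org/service/1.0/login"

# Constructed sample document; the rp.example endpoints are placeholders.
SAMPLE_XRDS = """<XRDS xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)" version="2.0">
    <Service priority="10">
      <Type>http://infocardfoundation.org/policy/1.0/login</Type>
      <URI>http://rp.example/policy.xml</URI>
    </Service>
    <Service priority="20">
      <Type>http://infocardfoundation.org/policy/1.0/login</Type>
      <URI>https://rp.example/policy.xml</URI>
    </Service>
    <Service priority="20">
      <Type>http://infocardfoundation.org/service/1.0/login</Type>
      <URI>https://rp.example/login-backup</URI>
    </Service>
    <Service priority="10">
      <Type>http://infocardfoundation.org/service/1.0/login</Type>
      <URI>https://rp.example/login</URI>
    </Service>
  </XRD>
</XRDS>"""


def find_endpoints(xrds_text, wanted_type):
    """Return the https URIs of services of wanted_type, best priority first."""
    if "<!DOCTYPE" in xrds_text:  # example's own precaution: no DTD/entities
        raise ValueError("DTD in XRDS document refused")
    root = ET.fromstring(xrds_text)
    hits = []
    for svc in root.iter(XRD + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        if wanted_type not in types:
            continue
        # Lower priority value is preferred; a missing attribute sorts last.
        prio = svc.get("priority")
        rank = int(prio) if prio and prio.isdigit() else float("inf")
        for uri in svc.findall(XRD + "URI"):
            parts = urlsplit((uri.text or "").strip())
            # The notes say SHOULD be https; this example enforces it.
            if parts.scheme == "https" and parts.hostname:
                hits.append((rank, parts.geturl()))
    return [url for _, url in sorted(hits, key=lambda h: h[0])]
```

The plain-http policy endpoint is skipped even though it carries the best priority, so the policy that governs card selection and the endpoint that receives the security token are both taken only from https URIs.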
What is needed for OpenId?
* http://openid.org/policy/1.0/login
* http://openid.org/service/1.0/login
If these two XRDS types are accepted, what is the "policy"?