Difference between revisions of "XRDS for OpenID and Information Cards"

From IIW
(New page: Convener & Notes-taker: Axel Nennker '''Technology Discussed/Considered:''' XRDS, Open ID, Information Cards '''Discussion notes, key understandings, outstanding questions, observations...)
 
Line 8: Line 8:
 
'''
 
'''
  
We had some discussion about XRDS for Open ID yesterday already and there seems to be some support in the Open ID community.  But there wasn’t any real conclusion.
+
We should use XRDS (Simple) to let a RelyingParty/OpenIdConsumer/Resource/Service express its needs and the services it provides.
  
Future steps:
+
Something along these lines is describes here http://ignisvulpis.blogspot.com/2008/10/information-cards-with-xrds.html
* Write the spec for IC and submit it to the ICF Browser Ltegialia(?) WG
+
 
* Write spec for Open ID and submit to an Open ID Foundation WG
+
    * The relying party (https://xmldap.org/relyingparty/) provides a HTML LINK-rel element in the html code.
 +
    * A browser extension finds the LINK element and downloads the XRDS document the LINK points to.
 +
    * The browser extension looks for service types it is willing to support
 +
    * In the case of Information Cards it retrieve the "policy" of the relyingparty
 +
    * If the user now chooses to start the card selector the applicability of a card is governed by the RP policy.
 +
    * After the security token has been generated it is send to the RP service endpoint listed in the XRDS document.
 +
      This transfers the user's credentials/claims aka "security token" to the RP.
 +
 
 +
What we should agree on in this session is a set of XRDS types that are suitable for OpenId.
 +
 
 +
First here are the things for Information Cards:
 +
 
 +
    * http://infocardfoundation.org/policy/1.0/login Describes where the policy can be retrieved.
 +
      The scheme in the Uri part of this services SHOULD be https.
 +
    * http://infocardfoundation.org/service/1.0/login Describes where the security token can be posted to.
 +
      The scheme in the Uri part of this services SHOULD be https.
 +
 
 +
What is needed for OpenId?
 +
 
 +
    * http://openid.org/policy/1.0/login
 +
    * http://openid.org/service/1.0/login
 +
 
 +
If these two XRDS types are accepted what is the "policy"?
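
Review bot: In the added descriptions of the two infocardfoundation.org types, "The scheme in the Uri part of this services SHOULD be https" is too weak. The same revision says the security token with the user's credentials/claims is sent to the service endpoint, and that the retrieved policy governs which cards apply. Suggest MUST for both types, plus a sentence on what the browser extension does when it finds a non-https URI. The two openid.org types are also added with no description of what each one locates; a line for each, mirroring the Information Card entries, would make the closing question about the "policy" easier to answer.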

Revision as of 21:54, 3 December 2008

Convener & Notes-taker: Axel Nennker

Technology Discussed/Considered:

XRDS, Open ID, Information Cards

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

We should use XRDS (Simple) to let a RelyingParty/OpenIdConsumer/Resource/Service express its needs and the services it provides.

Something along these lines is described here: http://ignisvulpis.blogspot.com/2008/10/information-cards-with-xrds.html

   * The relying party (https://xmldap.org/relyingparty/) provides an HTML LINK-rel element in the HTML code.
   * A browser extension finds the LINK element and downloads the XRDS document the LINK points to.
   * The browser extension looks for service types it is willing to support.
   * In the case of Information Cards, it retrieves the "policy" of the relying party.
   * If the user now chooses to start the card selector, the applicability of a card is governed by the RP policy.
   * After the security token has been generated, it is sent to the RP service endpoint listed in the XRDS document.
     This transfers the user's credentials/claims, aka the "security token", to the RP.

What we should agree on in this session is a set of XRDS types that are suitable for OpenId.

First here are the things for Information Cards:

   * http://infocardfoundation.org/policy/1.0/login Describes where the policy can be retrieved.
     The scheme in the URI part of this service SHOULD be https.
   * http://infocardfoundation.org/service/1.0/login Describes where the security token can be posted to.
     The scheme in the URI part of this service SHOULD be https.
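
The discovery steps and the two Information Card service types above, as an added example (not code from the session or from xmldap.org): it parses an XRDS-Simple document, picks out the services a client supports, and keeps only https endpoints. The sample document, the `rp.example` host and paths, and the function names are constructed for illustration; rejecting non-https URIs outright is this example's own stricter reading of the SHOULD.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace used by XRDS-Simple
POLICY = "http://infocardfoundation.org/policy/1.0/login"
SERVICE = "http://infocardfoundation.org/service/1.0/login"

# Constructed sample; rp.example and its paths are placeholders, not a real RP.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://infocardfoundation.org/service/1.0/login</Type>
      <URI>http://rp.example/login</URI>
      <URI>https://rp.example/login</URI>
    </Service>
    <Service priority="10">
      <Type>http://infocardfoundation.org/policy/1.0/login</Type>
      <URI>https://rp.example/policy.xml</URI>
    </Service>
    <Service><Type>http://unknown.example/type</Type><URI>https://rp.example/x</URI></Service>
  </XRD>
</xrds:XRDS>"""

def _priority(svc):
    # XRD: the lower number wins; a missing priority sorts last.
    p = svc.get("priority", "")
    return int(p) if p.isdigit() else float("inf")

def select_endpoints(xrds_text, wanted=(POLICY, SERVICE)):
    """Return ({type: [https URIs in priority order]}, [(type, rejected URI)])."""
    if "<!DOCTYPE" in xrds_text.upper():
        # An XRDS document needs no DTD; refusing one avoids entity-expansion tricks.
        raise ValueError("DTD found in XRDS document; refusing to parse")
    root = ET.fromstring(xrds_text)
    accepted, rejected = {t: [] for t in wanted}, []
    for svc in sorted(root.iter(XRD + "Service"), key=_priority):
        types = {(t.text or "").strip() for t in svc.findall(XRD + "Type")}
        for el in svc.findall(XRD + "URI"):
            uri = (el.text or "").strip()
            parts = urlsplit(uri)
            https_ok = parts.scheme == "https" and bool(parts.hostname)
            for t in types.intersection(wanted):
                if https_ok:
                    accepted[t].append(uri)
                else:
                    rejected.append((t, uri))  # never fetch policy from or post a token here
    return accepted, rejected

if __name__ == "__main__":
    print(select_endpoints(SAMPLE_XRDS))
```

Service types the client does not recognise are ignored rather than treated as errors, matching the step where the extension looks only for types it is willing to support.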

What is needed for OpenId?

   * http://openid.org/policy/1.0/login
   * http://openid.org/service/1.0/login 

If these two XRDS types are accepted, what is the "policy"?