As much as I like the idea of a single link tag in the HTML, there are many advantages to having a document.
As noted by others, requiring a browser to read each file as a Yadis document is a non-starter. Having a link tag pointing to the Yadis file and having a Yadis file in a well known place per the P3P mechanisms makes sense. My preference would be to have just one way, but there likely are use cases where it makes sense to have both. -- Dick On 19-Oct-06, at 9:47 PM, Drummond Reed wrote: > I initially agreed as well. But to play devil's advocate, the link- > to-XRDS > option could actually be pretty efficient. Any HTML page could simply > advertise the availability of its Yadis XRDS file using an XRDS > link in the > header. Assuming that many or all of the pages on a site would be > covered by > the same XRDS file, the browser would only need to download it once > to cover > the entire site. The XRDS would expire (using the same cache > control that > XRI resolvers use) and be refreshed as needed. > > This is the architecture that P3P used > (http://www.w3.org/TR/P3P/#ref_syntax). > > The XRDS file could provide discovery of multiple services > representing the > RP, not just the login page. > > =Drummond > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf > Of Recordon, David > Sent: Thursday, October 19, 2006 8:24 PM > To: Chris Drake; Johannes Ernst > Cc: specs@openid.net > Subject: RE: Re[2]: OpenID Login Page Link Tag (was RE: PROPOSAL: > OpenIDFormClarification (A.4)) > > I think I'd have to agree. Been thinking about this a lot recently > and > the overhead within Yadis seems unreasonable for a browser to perform > against a RP. Technically the RP could not have anything in the HTML > meaning the browser would have to do Yadis on every page view. > > I'd be inclined to use a link tag, at least for the time being, to > discover relying parties. > > --David > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Chris Drake > Sent: Thursday, October 19, 2006 10:45 PM > To: Johannes Ernst > Cc: specs@openid.net > Subject: Re[2]: OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID > FormClarification (A.4)) > > Hi Johannes, > > No - Yadis is inappropriate because user agents need to be able to > identify an OpenID login page (and endpoint if possible) *without* > accessing other resources. > > Kind Regards, > Chris Drake > > > Friday, October 20, 2006, 10:33:40 AM, you wrote: > > JE> Isn't this a case where the Yadis infrastructure should be used > JE> instead of Yet Another Link Tag? > > > JE> On Oct 19, 2006, at 8:21, Drummond Reed wrote: > >>> Martin, I agree with Dick, this is a fascinating idea. P3P had the >>> same idea >>> notion for a site advertising the location of the P3P privacy >>> policy: it >>> defined a standard HTML/XHTML link tag that could be put on any >>> page of a >>> site that told the browser where to locate the P3P policy document >>> for the >>> site (or for any portion of the site). >>> >>> http://www.w3.org/TR/P3P/#ref_syntax >>> >>> Are you proposing the same thing for OpenID login? >>> >>> (Kewl!) >>> >>> =Drummond >>> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] >>> [mailto:[EMAIL PROTECTED] On >>> Behalf >>> Of Dick Hardt >>> Sent: Thursday, October 19, 2006 12:53 AM >>> To: Martin Atkins >>> Cc: specs@openid.net >>> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4) >>> >>> >>> On 19-Oct-06, at 12:35 AM, Martin Atkins wrote: >>> >>>> Dick Hardt wrote: >>>>> >>>>> In order for the RUA to detect that a site supports OpenID, it >>>>> sees a >>>>> form with a single input with a "name" of openid_identiifier. The >>>>> RUA >>>>> can then look at the action and post the data directly to the RP. >>>>> >>>> >>>> I think it'd be better to implement this as either a META or a LINK >>>> element alongside a standard protocol for communicating with the >>>> nominated URL. >>>> >>>> This way the site can declare on *all pages*, rather than on the >>>> forms-based login page, that it accepts OpenID auth. This allows >>>> the >>>> user to go to the RP's home page (or any other page) and click the >>>> "OpenID Login" button on the browser's toolbar and have it work. >>> >>> That is an interesting idea. Would you like to take a stab at more >>> specifics? >>> >>> -- Dick >>> _______________________________________________ >>> specs mailing list >>> specs@openid.net >>> http://openid.net/mailman/listinfo/specs >>> >>> _______________________________________________ >>> specs mailing list >>> specs@openid.net >>> http://openid.net/mailman/listinfo/specs > > JE> Johannes Ernst > JE> NetMesh Inc. > > > > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
