- changed title to Migration - (te) 4. xri portion needs change (by Markus)
Migration - (te) 4. xri portion needs change (by Markus)
In section 4:
"For XRI, OpenID 2.0 Identifier MUST be created as https://xri.net/ concatenated with the user’s verified XRI without the xri:// scheme. "
The problem with this I think is that in OpenID 2.0, for an XRI the Claimed Identifier is the pure CanonicalID (I-Number), without https:// or xri:// scheme. For example, an RP might have =!91F2.8153.F600.AE24 as the Claimed Identifier (openid2_id) for a user in its database. So I think in section 4, we should either not say anything specific at all about XRI, or say something like this:
"For XRI, OpenID 2.0 Identifier MUST be the content of the <CanonicalID> element, as specified in [OpenID.2.0]"
Then an example ID Token would be:
{
"iss": "?? not sure",
"sub": "?? not sure",
"aud": "s6BhdRkqt3",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"openid2_id": "=!91F2.8153.F600.AE24"
}
But then I can see that obtaining an "iss" as described in sections 2 and 6 won't work.
Comments (9)
-
reporter -
reporter - edited description
-
- changed milestone to Implementer's Draft
-
assigned issue to
We agreed that the "openid2_id" claim should be the real OpenID 2.0 identifier. This will mean that people will have to prefix http://xri.net/ to identifiers for i-names when doing discovery for migration. We need to verify with Markus that this will work.
-
Hi Mike, Nat,
Is there a change needed for this issue? I was haven't some sound problems while this was discussed so I didn't hear everything. It seems like the spec should stay the same and just confirm with Markus whether it's feasible.
-
Yes, you need to add the example with the XRI value as the canonical identifier. Then you also need to say that when retrieving the issuer for the identifier, the implementation will have to prefix http://xri.net/ to identifiers for i-names when doing discovery for migration. After you've published those changes, then they need to be reviewed by Markus.
-
reporter Accept.
See minutes for actual text about the resolution for XRI.
-
reporter Issue
#955was marked as a duplicate of this issue. -
reporter - changed status to open
-
- changed status to resolved
fixes
#950- Migration - (te) 4. xri portion needs change (by Markus)→ <<cset 9b12de02fb85>>
- Log in to comment