- changed status to open
Migration - (te) Update verification rule for XRI
Issue #958
resolved
(Just recording ML discussion here for the record so that I can resolve with a commit.)
Forwarding service is a service that XRI providers needs to implement. You can create a node under your XRI to point to another location.
For example, I can define
=nat/(+contact)
to forward it to a contact page of my choice.
Similarly, I could create
=nat/(+openid_iss)
and map it to any page.
For example, if my OpenID Connect issuer is https://example.com/ then I can define =nat/(+openid_iss) to map to https://example.com/.
It works this way.
1) The client sends request to https://xri.net/=nat/(+openid_iss). 2) The host xri.net responds with 302 redirect to for example, http://forwarding.fullxri.com/forwading/=nat/(+openid_iss) 3) The client send request to it. 4) The host replies with 302 redirect to https://example.com/ 5) The client requests https://example.com/. 6) The page returns 200 OK so the redirection sequence terminates here. 7) Now the client has found that https://example.com/ is the authoritative OpenID Connect issuer. 8) Match it to the value of "iss" in the ID Token.
This should work with any XRI provider without xri.net doing something.
Thoughts?
Comments (2)
-
reporter
-
reporter
- changed status to resolved
Fixed
#958XRI Verification→ <<cset c0811acc320d>>
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- Migration
- Milestone
- Implementer's Draft
- Version
- –
- Votes
- 0
- Watchers
- 0
an all this be put into the draft by tomorrow morning’s call (in the Americas) so it can be reviewed then? I think that a note should be included that it’s not clear whether any XRI providers will become OpenID Connect Providers yet or not.