XRDS

Background

The XML format used by XRDS was originally developed in 2004 by the OASIS XRI (extensible resource identifier) Technical Committee as the resolution format for XRIs. The acronym XRDS was coined during subsequent discussions between XRI TC members and OpenID developers at the first Internet Identity Workshop, held in Berkeley, CA in October 2005.

The protocol for discovering an XRDS document from a URL was formalized as the Yadis specification published by Yadis.org in March 2006. Yadis became the service discovery format for OpenID 1.1.

A common discovery service for both URLs and XRIs proved so useful that in November 2007 the XRI Resolution 2.0 specification formally added the URL-based method of XRDS discovery (Section 6). This format and discovery protocol subsequently became part of OpenID Authentication 2.0.

XRDS Simple

In early 2008, work on OAuth discovery by Eran Hammer-Lahav led to the development of XRDS Simple, a profile of XRDS that restricts it to the most basic elements and introduces some extensions to support OAuth discovery and other protocols that use specific HTTP methods. In late 2008, XRDS Simple was cancelled and merged back into the main XRDS specification, resulting in the upcoming XRD 1.0 format.

Example uses

Besides XRI resolution, examples of typical XRDS usage include:

Example XRDS document

Following is an example of an XRDS document for the fictional XRI i-name =example. This document would typically be requested from a Web server via HTTP or HTTPS using the content type application/xrds+xml. Note that the outer <XRDS> element serves as a container for one or more <XRD> (Extensible Resource Descriptor) elements. Most simple XRDS documents have only one XRD. Other services, such as XRI resolution, may construct a sequence of XRDs within a single XRDS document to reflect a chain of metadata about linked resources.

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD ref="xri://=example">
    <Query>*example</Query>
    <Status ceid="off" cid="verified" code="100"/>
    <Expires>2008-05-05T00:15:00.000Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <!-- synonym section -->
    <LocalID priority="10">!4C72.6C81.D78F.90B2</LocalID>
    <EquivID priority="10">http://example.com/example-user</EquivID>
    <EquivID priority="15">http://example.net/blog</EquivID>
    <CanonicalID>xri://=!4C72.6C81.D78F.90B2</CanonicalID>
    <!-- service section -->
    <Service>
      <!-- XRI resolution service -->
      <ProviderID>xri://=!F83.62B1.44F.2813</ProviderID>
      <Type>xri://$res*auth*($v*2.0)</Type>
      <MediaType>application/xrds+xml</MediaType>
      <URI priority="10">http://resolve.example.com</URI>
      <URI priority="15">http://resolve2.example.com</URI>
      <URI>https://resolve.example.com</URI>
    </Service>
    <!-- OpenID 2.0 login service -->
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>http://www.myopenid.com/server</URI>
      <LocalID>http://example.myopenid.com/</LocalID>
    </Service>
    <!-- OpenID 1.0 login service -->
    <Service priority="20">
      <Type>http://openid.net/server/1.0</Type>
      <URI>http://www.livejournal.com/openid/server.bml</URI>
      <openid:Delegate>http://www.livejournal.com/users/example/</openid:Delegate>
    </Service>
    <!-- untyped service for access to files of media type JPEG -->
    <Service priority="10">
      <Type match="null"/>
      <Path select="true">/media/pictures</Path>
      <MediaType select="true">image/jpeg</MediaType>
      <URI append="path">http://pictures.example.com</URI>
    </Service>
  </XRD>
</xrds:XRDS>

Synonyms

XRDS documents can assert zero or more synonyms for a resource. In this context, a synonym is another identifier (a URI or XRI) that identifies the same target resource. For instance, the example XRDS document above asserts four synonyms:

  1. The local synonym !4C72.6C81.D78F.90B2. This is a relative XRI synonym assigned by the provider of this XRDS document.
  2. The equivalent URL http://example.com/example-user with a priority of 10 (1 is the highest priority).
  3. The equivalent URL http://example.net/blog with a priority of 15 (a lower priority than the other equivalent URL above).
  4. The canonical identifier xri://=!4C72.6C81.D78F.90B2. This is an absolute XRI i-number for the target resource—a persistent identifier that will never be reassigned (the functional equivalent of a Uniform Resource Name).

For full details of XRDS synonym support, see XRI Resolution 2.0, Section 5.

Service endpoints (SEPs)

The other main purpose of XRDS documents is to assert the services associated with a resource, called service endpoints or SEPs. For instance, the example XRDS document above asserts four service endpoints for the represented resource:

  1. An XRI resolution service (type xri://$res*auth*($v*2.0)).
  2. An OpenID 2.0 authentication service (type http://openid.net/signon/2.0).
  3. An OpenID 1.0 authentication service (type http://openid.net/server/1.0).
  4. An untyped service for requesting resources with a media type image/jpeg.

For full details of XRDS service endpoints, see XRI Resolution 2.0, Sections 4.2 and 13.
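To show how a consumer walks the synonym and service-endpoint sections described above, here is an added Python example (not code from the XRDS specification or from any XRI/OpenID library). It parses a cut-down copy of the =example document with the standard library, lists the synonyms, and selects the URIs of the SEPs matching a requested service type, honouring the rule that a lower priority value ranks higher and an element without a priority ranks last; the stable sort used for ties is this example's choice, where the specification breaks ties randomly.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"  # Clark-notation prefix for the XRD default namespace

# Cut-down copy of the page's =example document (constructed test input).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
 <XRD>
  <LocalID priority="10">!4C72.6C81.D78F.90B2</LocalID>
  <EquivID priority="10">http://example.com/example-user</EquivID>
  <EquivID priority="15">http://example.net/blog</EquivID>
  <CanonicalID>xri://=!4C72.6C81.D78F.90B2</CanonicalID>
  <Service><Type>xri://$res*auth*($v*2.0)</Type>
   <URI priority="10">http://resolve.example.com</URI>
   <URI priority="15">http://resolve2.example.com</URI>
   <URI>https://resolve.example.com</URI></Service>
  <Service priority="10"><Type>http://specs.openid.net/auth/2.0/signon</Type>
   <URI>http://www.myopenid.com/server</URI></Service>
 </XRD>
</xrds:XRDS>"""


def priority(el):
    # XRI Resolution 2.0: a lower number means higher priority, and an element
    # with no priority attribute ranks below every numbered one. The spec breaks
    # ties randomly; sorting stably here keeps results reproducible.
    p = el.get("priority")
    return int(p) if p is not None else float("inf")


def last_xrd(text):
    # The final XRD in the XRDS sequence describes the target resource itself.
    return ET.fromstring(text).findall(XRD + "XRD")[-1]


def synonyms(xrd):
    """(element name, identifier, priority attr) for each synonym, in document order."""
    names = (XRD + "LocalID", XRD + "EquivID", XRD + "CanonicalID")
    return [(e.tag[len(XRD):], e.text, e.get("priority")) for e in xrd if e.tag in names]


def select_endpoints(xrd, service_type):
    """URIs of every SEP whose <Type> equals service_type: best-priority SEP
    first, and each SEP's own URIs ordered by their priority."""
    seps = [s for s in xrd.findall(XRD + "Service")
            if service_type in [t.text for t in s.findall(XRD + "Type")]]
    return [[u.text for u in sorted(s.findall(XRD + "URI"), key=priority)]
            for s in sorted(seps, key=priority)]
```

Because the document is fetched from the network on the identifier owner's say-so, a consumer should treat every URI it returns as untrusted input to the next step of discovery rather than as an endpoint it may contact unconditionally.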

Service types

In XRDS documents, a service is identified using a URI or XRI. Following are listings of well-known service types. See also XRDS Type, an open community effort begun in May 2008 to provide a catalog of XRDS service types.

XRI resolution

| Common Name | URI or XRI | Source | Established |
|---|---|---|---|
| Authority Resolution | xri://$res*auth*($v*2.0) | XRI Resolution 2.0 | March 2005 |
| Proxy Resolution | xri://$res*proxy*($v*2.0) | XRI Resolution 2.0 | March 2005 |

OpenID

| Common Name | URI or XRI | Source | Established |
|---|---|---|---|
| OpenID 1.0 | http://openid.net/server/1.0 | OpenID Authentication 2.0, Section 14.2.1 | June 2005 |
| OpenID 1.1 | http://openid.net/server/1.1 | OpenID Authentication 2.0, Section 14.2.1 | May 2006 |
| OpenID 2.0 – Standard Login | http://specs.openid.net/auth/2.0/signon | OpenID Authentication 2.0, Section 7.3.2.1.2 | December 2007 |
| OpenID 2.0 – OP Identifier Login | http://specs.openid.net/auth/2.0/server | OpenID Authentication 2.0, Section 7.3.2.1.1 | December 2007 |
| OpenID Attribute Exchange 1.0 | http://openid.net/srv/ax/1.0 | OpenID Attribute Exchange 1.0, Section 2 | December 2007 |

OAuth discovery

| Common Name | URI or XRI | Source | Established |
|---|---|---|---|
| OAuth Discovery | http://oauth.net/discovery/1.0 | OAuth Discovery Draft 2 | March 2008 |

Licensing

XRDS is an open, public, royalty-free OASIS specification. The OASIS XRI Technical Committee has operated since its inception in 2003 under a royalty-free licensing policy, as stated in its charter and IPR page.
