OpenID

Specification Refactoring Project

The specification refactoring project, initiated by Martin Atkins, is an attempt to refactor the specification ecosystem surrounding OpenID Authentication, making it easier to understand and reducing the amount of reading required to understand how OpenID operates and should be implemented.

The goals of the effort are:

  • To remove dependencies on external specs as far as possible and, where that is not possible, to refer only to specs that most developers are already ostensibly familiar with, such as HTTP and URI processing.
  • To adjust the "articulation points" between specs to make library development and code re-use easier, and to better accommodate future specifications based on the foundations laid out here.

You can read the discussion about this on the OpenID specs mailing list.

Summary

This new approach adapts the existing Yadis specification into two new specifications. The first describes a subset of the XRDS format relevant to service discovery, which avoids the requirement for implementors to read the full XRDS schema defined by the XRI TC at OASIS. The second describes how to obtain an XRD element for a given HTTP or HTTPS URL for use with the first specification.

The XRI resolution specification effectively acts as the specification for retrieving an XRD element for an XRI (e.g. an i-name), so no additional spec is needed for this.

Finally, the OpenID Authentication 2.0 spec drops much of its prose about handling different sorts of URI and instead references the XRDS service discovery specification. However, as a special case, support for HTTP and HTTPS discovery is retained because it is necessary for backward compatibility with OpenID 1.1.

The end result is that the minimal reading for a functional OpenID implementation consists only of three specifications that are all under the OpenID umbrella. It also allows for user@domain-style URI mapping, currently under quite heated debate, to potentially be added later without delaying the publication of the OpenID Authentication 2.0 specification.

The Specifications

The following are new drafts of the three specifications:

New Discovery Specifications

If it becomes desirable to support other kinds of URI in the future, they can be supported via additional XRD discovery specifications, which would work in parallel with the discovery mechanisms for HTTP URLs and XRIs. These can either be defined standalone, or they can define a mapping onto an HTTP URL and reference the HTTP/HTTPS discovery spec. Either way, the service discovery and OpenID Authentication specs do not need to change to accommodate a new identifier.