Solving XRDS’ Host Problem with XRD and host-meta

The ongoing efforts to define standard protocols for common web services have resulted in a wide variety of specifications. If you’re interested in the Internet’s plumbing, as I am, these are truly exciting times. One of the common pieces of functionality needed by all these specifications is discovery.

The most recent, and recommended, format for discovery is XRD (currently at Working Draft 15). XRD supersedes the older XRDS format, which has a convoluted evolution that can be traced in twists and turns through XRI Resolution, Yadis, and XRDS-Simple.

These older specifications define both a data format and a resolution protocol. The resolution protocol suffers a problem, however: it can’t distinguish between a host and a root-level resource. A succinct technical statement is provided in Eran Hammer-Lahav’s host-meta draft:

Because there is no URI or a resource available to describe a host,
many of the methods used for associating per-resource metadata (such
as HTTP headers) are not available. This often leads to the
overloading of the root HTTP resource (e.g. ‘http://example.com/’)
with host metadata that is not specific to the root resource (e.g. a
home page or web application), and which often has nothing to do it.

Take, for example, http://jaredhanson.net/, the URL I use to identify myself online. It has an XRDS document located at: http://jaredhanson.net/meta.xrds

<xrds:XRDS xmlns:xrds="xri://$xrds"
           xmlns="xri://$xrd*($v*2.0)">
<XRD>
  <Service>
    <Type>http://portablecontacts.net/spec/1.0</Type>
    <URI>http://www-opensocial.googleusercontent.com/api/people/</URI>
  </Service>
  <Service>
    <Type>http://specs.eaut.org/1.0/template</Type>
    <URI>http://jaredhanson.net/</URI>
  </Service>
</XRD>
</xrds:XRDS>

Among the services advertised are an address book available via Portable Contacts and an EAUT-based email address to URL translation service. The address book is very specifically associated with me; it is my address book. The EAUT service, however, is simply a service that is running at the domain jaredhanson.net; it is not associated with me directly. This case exhibits the conflict between the host and the root-level resource.

The new XRD specification does not define a resolution protocol. That task is left up to other specifications such as host-meta and LRDD. host-meta, in particular, addresses this conflict by registering a well-known URI for metadata about the host.

Looking again at my digital identity, things have been broken down into two separate documents. One for information about the host at: http://jaredhanson.net/.well-known/host-meta

<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"
     xmlns:hm="http://host-meta.net/xrd/1.0">
  <hm:Host>jaredhanson.net</hm:Host>
  <Link rel="lrdd" template="http://jaredhanson.net/meta.xrd?id={uri}"/>
</XRD>

And another for information about me at: http://jaredhanson.net/meta.xrd

<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>acct:me@jaredhanson.net</Subject>
  <Link rel="http://portablecontacts.net/spec/1.0" href="http://www-opensocial.googleusercontent.com/api/people/"/>
</XRD>

Using this schema, my address book remains in the XRD that describes me. However, WebFinger (the modern EAUT equivalent), which utilizes LRDD, moves to the host-meta XRD. This is a much cleaner approach, which resolves ambiguities about exactly what discovery is being performed on.

Comments

Lonna Hanson
says:
March 13, 2010 at 2:34 PM

Although I do not begin to understand the engineering behind your comments, I am amazed.
Mom

Monica Keller
says:
May 16, 2010 at 7:41 PM

What do you think of the concept or an LRDD processor which takes an argument ?

http://openidconnect.com/#discovery

Jared Hanson
says:
May 16, 2010 at 8:05 PM

My initial reaction, while reading through the strawman earlier today, was that I like it.

It does raise a few questions in my mind, however.

The biggest one being will each domain have to implement an LRDD processor? If so, clients will still bear the burden of implementing LRDD for domains that don’t have a processor. Can a client be configured with a “fallback” processor(s) at a well-known domain for this case? In which case I’d suggest terming them XRD resolvers (analogous to DNS resolvers), and note that the XRI TC is looking like it solved the right problems originally, just in the wrong context.

I’m looking forward to discussing this more at IIW.

Bruce
says:
May 19, 2010 at 1:00 PM

What do you think of the concept or an LRDD processor which takes an argument ?

http://openidconnect.com/#discovery

Post a comment