OpenID Authentication 2.0 について少し
OpenID Hack-a-thon や CodeReposのOpenID対応、builder techday などで実装レベルにおける OpenID 2.0 対応が少しずつ身近なものになってきました。OpenID 1.1 と OpenID 2.0 の違いについては、id:ZIGOROuさんの @IT の記事や builder techday での Lightning Talk が参考になると思います。
OpenID 1.1 と OpenID 2.0 の違いを簡単にいえば、
- Identifier に URL と XRI が使えるようになった
- Discovery の方式が変わった
といった辺りがポイントでしょうか。
Identifier に URL と XRI が使えるようになった
XRI (EXtensive Resource Identifier) については OpenID 2.0 の仕様書の Normative Reference にあります、[XRIResolution2.0] と [XRISyntax2.0] を参考にすると XRI の仕様が分かります。[XRIResolution2.0] で XRDS (EXtensive Resource Descripter Sequence) 文書を含む XRI を取り囲む仕様が、 [XRISyntax2.0] では XRI のシンタックスについての仕様が書かれています。XML関係で標準化を進める団体 OASIS の下で作成されました。XRI も URL と同様にあるリソースをユニークにするものです。なので、Identifier として利用することが出来るわけです。XRI については仕様をよく読めば理解できるかなと思います。
Discovery の方式が変わった
これは大きな変化です。例えば、fastladder.com で yahoo.com の OpenID を使おうとしたときに(すでに 「Sign in with Yahoo! ID」ボタンがあるのでアレなんですけど)、「yahoo.com」と入力しただけでOpenID プロバイダの認証ページにリダイレクトされるようになります。OpenID 1.1 のころですと、comewalk.livejournal.com のように長い URL の入力が必要でしたが、ドメインだけで充分になっています。OpenID 1.1 のころは comewalk.livejournal.com ならば以下のような Link Discovery が HTML ページのHEAD セクションにありました。
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml"/><link rel="openid.delegate" href="http://comewalk.livejournal.com/"/>
これが大きく変わります。OpenID 2.0 の仕様の 7.3 Discovery が参考になります。
1. If the identifier is an XRI, [XRI_Resolution_2.0] (Wachob, G., Reed, D., Chasen, L., Tan, W., and S. Churchill, "Extensible Resource Identifier (XRI) Resolution V2.0 - Committee Draft 02," .) will yield an XRDS document that contains the necessary information. It should also be noted that Relying Parties can take advantage of XRI Proxy Resolvers, such as the one provided by XDI.org at http://www.xri.net. This will remove the need for the RPs to perform XRI Resolution locally. 2. If it is a URL, the Yadis protocol (Miller, J., "Yadis Specification 1.0," .) [Yadis] SHALL be first attempted. If it succeeds, the result is again an XRDS document. 3. If the Yadis protocol fails and no valid XRDS document is retrieved, or no Service Elements (OpenID Service Elements) are found in the XRDS document, the URL is retrieved and HTML-Based discovery (HTML-Based Discovery) SHALL be attempted.
意訳すると、1.XRIが入力されたならばXRI Resolutionに従ってXRDS文書を探します。2.URLが入力されたならばYadisプロトコルでXRDS文書を探します。3.Yadisもダメ、XRDS文書もinvalidで、サービス要素である<xsd:Service>もない。ならば、HTMLのlink要素をみてみます。という具合です。
さらに以下の記述も変わります。
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" /><link rel="openid.delegate" href="http://comewalk.livejournal.com/" />
OpenID 2.0 対応では次のようになります。サンプルが仕様書にあります。
<link rel="openid2.provider" href="http://www.livejournal.com/openid/server.bml" ><link rel="openid2.local_id" href="http://comewalk.livejournal.com/" />
OpenID 1.1 と OpenID 2.0 を共存させるには、rel属性に両方を書きます。
<link rel="openid2.provider openid.server" href="http://www.livejournal.com/openid/server.bml" /><link rel="openid2.local_id openid.delegate" href="http://comewalk.livejournal.com/" />
ところで、www.yahoo.com の HTML を見ても、OpenID の Discovery らしきものは見当たりません。Yadis の仕様書を見たらこんな記述がありました。
6.2.4 InitiationThe Yadis Protocol is initiated by the Relying Party Agent with an initial HTTP request using theYadis URL.This request MUST be either a GET or a HEAD request.A GET or HEAD request MAY include an HTTP Accept request-header (HTTP 14.1) specifying MIMEmedia type, application/xrds+xml.
GETかHEADで取ると。必要であれば Accept: application/xrds+xml を付けようと。
で試してみました。
comewalk:~ takatsugu$ telnet www.yahoo.com 80Trying 209.131.36.158...Connected to www.yahoo-ht3.akadns.net.Escape character is '^]'.HEAD / HTTP/1.1Host: www.yahoo.comAccept: applilcation/xrds+xmlHTTP/1.1 200 OKDate: Tue, 04 Mar 2008 15:31:02 GMTP3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"Cache-Control: privateVary: User-AgentX-XRDS-Location: http://open.login.yahooapis.com/openid20/www.yahoo.com/xrdsLast-Modified: Tue, 04 Mar 2008 15:22:48 GMTAccept-Ranges: bytesContent-Length: 9533Connection: closeContent-Type: text/html; charset=utf-8
お
X-XRDS-Location: http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
というのがかえってきました。yahoo.com は HEAD で取得できるようですね。で、http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds というファイルが XRDS文書なのです。見ると
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <xrd> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/server</Type> <Type>http://specs.openid.net/extensions/pape/1.0</Type> <uri>https://open.login.yahooapis.com/openid/op/auth</uri> </Service> </xrd></xrds:XRDS>
となっていて XPath でいうと /XRD/Service/URIなところにURLがありますね。そこが OpenID Provider の URL なのです。HTML の link要素から取得しないあたりがもう全然違っていて、面白いですね。これでやっと OpenID 2.0 の Discovery が理解できてきたのでアレをああしてこうできそうです。
まとめ
bradfitzやDavid Recordon、miyagawaさんやkazeburoさんなどのおかげで Net::OpenID::Consumer と Net::OpenID::Server が OpenID 2.0 に対応し、Six Apart の subversion repository から入手することができます。
svn co http://code.sixapart.com/svn/openid/branches/openid2/perl/ openid2
OpenIDの入力が簡単になった。Yahoo! など大手が OpenID Provider になった。あとは開発者の皆さんがご自分のプロダクトで OpenID 対応をすすめることが OpenID が広まるポイントだと思います。さあ、OpenID 2.0 対応をすすめていきましょう。
I do agree with all of the ideas you have presented in your post. They are very convincing and will certainly work. Still, the posts are too short for starters. Could you please extend them a little from next time? Thanks for the post.
Posted by: book of ra | 05 February 2014 at 03:17 AM
Wow that was strange. I just wrote an extremely long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm not writing all that over again. Anyways, just wanted to say superb blog!
Posted by: free psn codes | 08 February 2014 at 10:40 PM
Appreciate the recommendation. Let me try it out.
Posted by: cheap jordan shoes | 14 February 2014 at 04:09 AM
Hi there all, here every person is sharing these know-how, thus it's good to read this web site, and I used to pay a quick visit this blog everyday.
Posted by: toilet reviews | 17 February 2014 at 04:41 PM
Horoscope msn semaine mon avenir sentimental gratuit
Posted by: voyance gratuite | 20 February 2014 at 02:31 PM
Hi there! I'm at work surfing around your blog from my new iphone 3gs! Just wanted to say I love reading your blog and look forward to all your posts! Carry on the outstanding work!
Posted by: คาสิโน | 22 February 2014 at 08:56 AM
divorce franco marocain avocat caen divorce
Posted by: serrurier paris | 22 February 2014 at 08:54 PM
These are actually wonderful ideas in on the topic of blogging. You have touched some fastidious points here. Any way keep up wrinting.
Posted by: sbo | 24 February 2014 at 02:00 AM
I drop a comment whenever I like a post on a site or I have something to valuable to contribute to the conversation. Usually it's triggered by the passion communicated in the article I read. And on this article blog.comewalk.com : OpenID Authentication 2.0 について少し. I was actually moved enough to post a commenta response ;-) I do have 2 questions for you if it's allright. Could it be simply me or do some of the comments look as if they are written by brain dead people? :-P And, if you are posting at other online social sites, I'd like to keep up with anything new you have to post. Could you list the complete urls of all your shared sites like your linkedin profile, Facebook page or twitter feed?
Posted by: sha ke8 | 24 February 2014 at 02:22 AM
magnificent submit, very informative. I ponder why the opposite specialists of this sector do not understand this. You should continue your writing. I am sure, you've a huge readers' base already!
Posted by: sbobet ทางเข้า | 06 March 2014 at 04:57 PM
A fascinating discussion is definitely worth comment. There's no doubt that that you ought to write more about this topic, it may not be a taboo matter but typically people don't discuss these issues. To the next! Kind regards!!
Posted by: cpp.capibara.com | 09 March 2014 at 01:25 AM
Avoid any emotional mess by committing to this individual and then breaking his coronary heart. These had been some of the flattering pick up lines that can pave the way to your lady adore's coronary heart.
Posted by: funny pick up lines to make guys laugh | 23 April 2014 at 09:30 PM
ңey ɑre usiոg Wordpгеss fߋr your blog ρlatfοrm? I'm new to the Ƅlog world but I'm tryiոg to get startеd and set up my оwn. Do you need any html coding knowledgе to make your own blog? Anƴ help woսld be greatly apprеϲiated!
Posted by: budowa domu koszalin cennik, | 24 April 2014 at 11:17 AM
Your tweets are automatically delivered during the time you requested. This can be a great way to avoid slow streaming movie.
Posted by: free cydia tweaks sources | 24 April 2014 at 10:48 PM
Highfidelity-John Cusack again plays a task he is created for. I want to encourage one to think about getting the same experience we'd. The release of the video was detained after the September 11 attacks.
Posted by: Sanora | 25 April 2014 at 03:54 AM
Sweet blߋg! I found it whіle ѕearching on Yɑhoo Nеws. Do you have any suggestiolns on hoow to get listed in Yahoo News? I've been trying for a while bսt ӏ never seem to get there! Thanks
Posted by: Elyse | 25 April 2014 at 10:47 PM
Appreciation to my father who told me on the topic of this webpage, this website is actually awesome.
Posted by: calgary h2s training | 05 May 2014 at 07:32 AM
Very nice post. I just stumbled upon your weblog and wished to say that I have truly enjoyed surfing around your blog posts. After all I will be subscribing to your feed and I hope you write again soon!
Posted by: chris | 06 June 2014 at 04:45 PM
Yes! Finally someone writes about purchasing.
Posted by: Florencia | 25 June 2014 at 03:34 PM
Excellent article. Keep writing such kind of info on your site. Im really impressed by your blog. Hello there, You've done an incredible job. I'll definitely digg it and in my view recommend to my friends. I am sure they will be benefited from this web site.
Posted by: sclab.kaist.ac.kr | 15 July 2014 at 02:09 AM
Lisa Beverley writes highly informative and researched articles for end consumers about a variety of Weight and Diet including remedies, weight loss diet and simple weight loss, slimming, weight loss products, bodybuilding supplements and diet tips. However, there are risks along with negative penalty to just cutting out many the calories that are apt to be eaten. Secondly, buying homeopathic drops on the Internet can be troublesome, as you don't know what you are getting.
Posted by: Natural weight Loss | 15 July 2014 at 10:25 AM
The main function of the HCG hormone is to protect the fetus. It was something I had to research and explore, since my patients were asking for it, and I had really turned away from this approach. People on HCG eating plans notice outcome quickly, also within times of starting the program.
Posted by: best hcg drops youtube | 18 July 2014 at 12:35 PM
Howdy! Someone in my Facebook group shared this site with us so I came to check it out. I'm definitely loving the information. I'm bookmarking and will be tweeting this to my followers! Terrific blog and excellent design.
Posted by: Canada Goose Soldes | 25 July 2014 at 01:52 AM
This is really interesting, You are a very skilled blogger. I have joined your feed and look forward to seeking more of your wonderful post. Also, I've shared your website in my social networks!
Posted by: above ground pool | 25 July 2014 at 02:13 AM
First off I would like to say excellent blog! I had a quick question which I'd like to ask if you do not mind. I was interested to find out how you center yourself and clear your mind prior to writing. I've had difficulty clearing my thoughts in getting my ideas out. I truly do take pleasure in writing but it just seems like the first 10 to 15 minutes are lost just trying to figure out how to begin. Any suggestions or hints? Cheers!
Posted by: tierradev.zendesk.com | 25 July 2014 at 02:18 PM