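A Little About OpenID Authentication 2.0
Thanks to the OpenID Hack-a-thon, CodeRepos adding OpenID support, builder techday and similar events, implementation-level OpenID 2.0 support has gradually become more familiar. For the differences between OpenID 1.1 and OpenID 2.0, id:ZIGOROu's article on @IT and the Lightning Talk at builder techday are good references.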
Put simply, the main differences between OpenID 1.1 and OpenID 2.0 are roughly these:
- Both URLs and XRIs can now be used as Identifiers
- The Discovery method has changed
Both URLs and XRIs can now be used as Identifiers
XRI (eXtensible Resource Identifier) is specified in [XRIResolution2.0] and [XRISyntax2.0], both listed under Normative References in the OpenID 2.0 specification. [XRIResolution2.0] covers the specifications surrounding XRI, including the XRDS (eXtensible Resource Descriptor Sequence) document, and [XRISyntax2.0] covers XRI syntax. They were produced under OASIS, an organization that standardizes XML-related technologies. Like a URL, an XRI uniquely identifies a resource, which is why it can be used as an Identifier. I think XRI can be understood by reading the specifications carefully.
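The Discovery method has changed
This is a big change. For example, if you try to use a yahoo.com OpenID at fastladder.com (there is already a "Sign in with Yahoo! ID" button, so the example is a bit moot), simply entering "yahoo.com" now redirects you to the OpenID provider's authentication page. In the OpenID 1.1 days you had to enter a long URL such as comewalk.livejournal.com, but now the domain alone is enough. Under OpenID 1.1, a page such as comewalk.livejournal.com carried the following Link Discovery elements in the HEAD section of its HTML: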
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml"/>
<link rel="openid.delegate" href="http://comewalk.livejournal.com/"/>
This changes significantly. Section 7.3 (Discovery) of the OpenID 2.0 specification is the reference:
1. If the identifier is an XRI, [XRI_Resolution_2.0] (Wachob, G., Reed, D., Chasen, L., Tan, W., and S. Churchill, "Extensible Resource Identifier (XRI) Resolution V2.0 - Committee Draft 02," .) will yield an XRDS document that contains the necessary information. It should also be noted that Relying Parties can take advantage of XRI Proxy Resolvers, such as the one provided by XDI.org at http://www.xri.net. This will remove the need for the RPs to perform XRI Resolution locally.
2. If it is a URL, the Yadis protocol (Miller, J., "Yadis Specification 1.0," .) [Yadis] SHALL be first attempted. If it succeeds, the result is again an XRDS document.
3. If the Yadis protocol fails and no valid XRDS document is retrieved, or no Service Elements (OpenID Service Elements) are found in the XRDS document, the URL is retrieved and HTML-Based discovery (HTML-Based Discovery) SHALL be attempted.
Loosely translated: (1) if an XRI was entered, look for the XRDS document by following XRI Resolution; (2) if a URL was entered, look for the XRDS document with the Yadis protocol; (3) if Yadis fails, whether because no valid XRDS document comes back or because it contains no service element (<xrd:Service>), look at the link elements in the HTML.
The following markup changes as well.
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" />
<link rel="openid.delegate" href="http://comewalk.livejournal.com/" />
For OpenID 2.0 it becomes the following. There is a sample in the specification.
<link rel="openid2.provider" href="http://www.livejournal.com/openid/server.bml" />
<link rel="openid2.local_id" href="http://comewalk.livejournal.com/" />
To support OpenID 1.1 and OpenID 2.0 side by side, put both values in the rel attribute.
<link rel="openid2.provider openid.server" href="http://www.livejournal.com/openid/server.bml" />
<link rel="openid2.local_id openid.delegate" href="http://comewalk.livejournal.com/" />
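
An added example, not part of the original post or of any OpenID library: HTML-based discovery over the markup above, reading `rel` as a space-separated token list, preferring the 2.0 values, and ignoring `<link>` elements outside the first `<head>`. The names `HeadLinks` and `html_discovery`, and the sample page with its `untrusted.example` link, are assumptions made for the illustration.

```python
from html.parser import HTMLParser

# rel token -> (protocol version, field)
RELS = {"openid2.provider": ("2.0", "endpoint"), "openid2.local_id": ("2.0", "local_id"),
        "openid.server": ("1.1", "endpoint"), "openid.delegate": ("1.1", "local_id")}

class HeadLinks(HTMLParser):
    """Collect OpenID <link> elements, but only from the first <head>."""
    def __init__(self):
        super().__init__()
        self.found, self.in_head = {}, None      # None = <head> not seen yet
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "head" and self.in_head is None:
            self.in_head = True
        elif tag == "body":
            self.in_head = False
        elif tag == "link" and self.in_head and a.get("href"):
            for rel in (a.get("rel") or "").lower().split():   # rel is a token list
                if rel in RELS:
                    self.found.setdefault(RELS[rel], a["href"].strip())
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def html_discovery(html):
    """Return {'version', 'endpoint', 'local_id'} or None; 2.0 wins over 1.1."""
    p = HeadLinks()
    p.feed(html)
    for version in ("2.0", "1.1"):
        endpoint = p.found.get((version, "endpoint"))
        if endpoint and endpoint.lower().startswith(("http://", "https://")):
            return {"version": version, "endpoint": endpoint,
                    "local_id": p.found.get((version, "local_id"))}
    return None

# Constructed page: the coexistence markup from above in <head>, plus a <link>
# placed in the body (e.g. through a comment field) that must be ignored.
SAMPLE = """<html><head>
<link rel="openid2.provider openid.server" href="http://www.livejournal.com/openid/server.bml" />
<link rel="openid2.local_id openid.delegate" href="http://comewalk.livejournal.com/" />
</head><body><link rel="openid2.provider" href="http://untrusted.example/op" /></body></html>"""

if __name__ == "__main__":
    print(html_discovery(SAMPLE))
```

Restricting discovery to `<head>` matters on pages that render user-supplied HTML, since a `<link>` accepted from the body would let a commenter redirect the page owner's identifier to another provider.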
Incidentally, looking at the HTML of www.yahoo.com, there is nothing that looks like OpenID discovery markup. The Yadis specification has this passage:
6.2.4 Initiation
The Yadis Protocol is initiated by the Relying Party Agent with an initial HTTP request using the Yadis URL. This request MUST be either a GET or a HEAD request. A GET or HEAD request MAY include an HTTP Accept request-header (HTTP 14.1) specifying MIME media type, application/xrds+xml.
So you fetch it with GET or HEAD and, if needed, add Accept: application/xrds+xml.
So I tried it.
comewalk:~ takatsugu$ telnet www.yahoo.com 80
Trying 209.131.36.158...
Connected to www.yahoo-ht3.akadns.net.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.yahoo.com
Accept: applilcation/xrds+xml

HTTP/1.1 200 OK
Date: Tue, 04 Mar 2008 15:31:02 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: private
Vary: User-Agent
X-XRDS-Location: http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
Last-Modified: Tue, 04 Mar 2008 15:22:48 GMT
Accept-Ranges: bytes
Content-Length: 9533
Connection: close
Content-Type: text/html; charset=utf-8
Oh, this header
X-XRDS-Location: http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
came back. It looks like yahoo.com can be fetched with HEAD. The file at http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds is the XRDS document. Looking at it:
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://open.login.yahooapis.com/openid/op/auth</URI>
    </Service>
  </XRD>
</xrds:XRDS>
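In XPath terms, the URL sits at /XRD/Service/URI. That is the URL of the OpenID Provider. The fact that it is no longer taken from an HTML link element makes this completely different, which is interesting. Now that I finally understand OpenID 2.0 Discovery, I should be able to do this and that with it.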
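
An added example (not from the original post or from the Perl modules mentioned below) of the Yadis step just traced by hand: follow `X-XRDS-Location`, parse the XRDS, and pick the OP endpoint by `priority`, treating every discovered value as untrusted. `fetch_xrds` is a hypothetical callable standing in for the HTTP fetch, and the sample input is abridged from the header and document quoted above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"            # default namespace of the XRDS shown above
OP_TYPES = {"http://specs.openid.net/auth/2.0/server",    # OP Identifier element
            "http://specs.openid.net/auth/2.0/signon"}    # Claimed Identifier element

def http_url(u):
    """Discovery data is untrusted: accept only absolute http(s) URLs."""
    try:
        p = urlsplit((u or "").strip())
    except ValueError:
        return None
    return p.geturl() if p.scheme in ("http", "https") and p.netloc else None

def endpoints_from_xrds(xml_text):
    """OP endpoint URLs from the final XRD, lowest priority value first."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in XRDS")      # blocks entity expansion
    xrds, found = ET.fromstring(xml_text).findall(XRD + "XRD"), []
    for svc in (xrds[-1].findall(XRD + "Service") if xrds else []):
        types = {(t.text or "").strip() for t in svc.findall(XRD + "Type")}
        prio = svc.get("priority", "")
        rank = int(prio) if prio.isdigit() else float("inf")   # no priority = last
        if types & OP_TYPES:
            found += [(rank, http_url(u.text)) for u in svc.findall(XRD + "URI")]
    return [url for _, url in sorted(f for f in found if f[1])]

def yadis_discover(headers, fetch_xrds):
    """Follow X-XRDS-Location; None means 'fall back to HTML-based discovery'."""
    loc = http_url({k.lower(): v for k, v in headers.items()}.get("x-xrds-location"))
    try:
        eps = endpoints_from_xrds(fetch_xrds(loc)) if loc else []
    except (ET.ParseError, ValueError):
        eps = []                                  # invalid XRDS = Yadis failed
    return eps[0] if eps else None

# Constructed input: the header and (abridged) XRDS document quoted in this post.
HEADERS = {"X-XRDS-Location": "http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds"}
XRDS_DOC = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>
<Service priority="0"><Type>http://specs.openid.net/auth/2.0/server</Type>
<URI>https://open.login.yahooapis.com/openid/op/auth</URI></Service></XRD></xrds:XRDS>"""

if __name__ == "__main__":
    print(yadis_discover(HEADERS, lambda url: XRDS_DOC))
```

A real `fetch_xrds` is where a Relying Party also has to bound response size and time and refuse internal addresses, because the location it fetches is derived from what the user typed.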
Summary
Thanks to bradfitz, David Recordon, miyagawa-san, kazeburo-san and others, Net::OpenID::Consumer and Net::OpenID::Server now support OpenID 2.0 and are available from Six Apart's subversion repository.
svn co http://code.sixapart.com/svn/openid/branches/openid2/perl/ openid2
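Entering an OpenID has become easier. Major players such as Yahoo! have become OpenID Providers. What remains, I think, is for developers to add OpenID support to their own products; that is the key to OpenID spreading. So let's get on with supporting OpenID 2.0.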