Yadis
From Wikipedia, the free encyclopedia
Yadis is an open initiative to build an interoperable lightweight discovery protocol for decentralized, user-centric digital identity and related purposes. Yadis aims to allow the capabilities of identities to be composed from an open-ended set of services, defined and/or implemented by many different parties.
By allowing each party in an online relationship to choose the authentication and data sharing protocols they want to use to share their information, Yadis hopes to foster the development of mutual trust and respect. Yadis also aims to let Internet users define what information they expose to which third parties and which services they use.
Built on established common practice
Yadis is designed to be a minimal addition to existing standard practice on the web. Like the great majority of existing web sites, Yadis sites take traditional URLs (web site addresses) as identifiers or "addresses" for the Yadis documents representing people and services. For example, a user called Matthew White might have his Yadis home page at <www.matthewwhite.net>, or perhaps <www.myinfoservice.com/matthewwhite>. In knowing Matthew's home page address, his friend would know where to go on the web to exchange information with him.
Modular architecture
Yadis follows the REST-ful, "small pieces loosely joined" paradigm that has proven to be successful in the development of the web.
The basic assumption is that identities can be addressed with URLs, or with other identifiers (such as i-names) that can be resolved to URLs. Yadis then associates an XML-based capability document with each URL that expresses which capabilities (or services) this URL has.
The owner of any Yadis URL can choose which protocols to support. Similarly, a Relying Party such as a website accepting Yadis URLs as identifiers can select an appropriate protocol to use for authentication. This can allow existing web sites, like blogs, to easily implement basic Yadis functionality (for instance, redirecting users who arrive at the blog to relevant information about the person the blog belongs to) while also making it possible to build many more advanced applications (for example, allowing complex queries of a site-owner's information to be submitted directly to the Yadis site as an extension of the URL itself).
Yadis capability document
The capability document associated with an identity URL is found either:
- by following a custom HTTP response header called X-XRDS-Location,
- by following an equivalent entry in the HTML HEAD section, called <meta http-equiv="X-XRDS-Location" content="http://example.com/yadis.xml">, or
- by requesting a special MIME type called application/xrds+xml when performing an HTTP GET on the identity URL.
Developers can choose which of the alternatives to implement, based on factors such as whether they can run software at the identity URL or not.
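The relying party's side of these three mechanisms, as an added example (not part of the original article or of any Yadis library). The function and class names are hypothetical, and the precedence order, honouring the meta element only inside HEAD, and refusing non-HTTP(S) locations are choices made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

XRDS_HEADER = "x-xrds-location"
XRDS_MIME = "application/xrds+xml"

class _MetaFinder(HTMLParser):
    """Finds the first <meta http-equiv="X-XRDS-Location"> inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.location = None

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta" and self.in_head and self.location is None:
            a = {k: (v or "") for k, v in attrs}
            if a.get("http-equiv", "").lower() == XRDS_HEADER:
                self.location = a.get("content", "").strip() or None

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False  # a meta tag in the page body is ignored

def _checked(location):
    # Assumption of this example: only absolute http(s) locations are followed,
    # so the identity page cannot point the relying party at file: or similar.
    if urlsplit(location).scheme not in ("http", "https"):
        raise ValueError("refusing XRDS location %r" % location)
    return location

def locate_xrds(headers, body):
    """Return ("body", None) when the response is the capability document,
    ("fetch", url) when it points to one, (None, None) when it is neither."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("content-type", "").split(";")[0].strip().lower() == XRDS_MIME:
        return ("body", None)
    if XRDS_HEADER in h:
        return ("fetch", _checked(h[XRDS_HEADER].strip()))
    finder = _MetaFinder()
    finder.feed(body)
    if finder.location:
        return ("fetch", _checked(finder.location))
    return (None, None)
```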
Here is an example Yadis capability document:
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds"
           xmlns="xri://$xrd*($v*2.0)"
           xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service priority="50">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
    </Service>
    <Service priority="10">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>http://www.livejournal.com/openid/server.bml</URI>
      <openid:Delegate>http://www.livejournal.com/users/frank/</openid:Delegate>
    </Service>
    <Service priority="20">
      <Type>http://lid.netmesh.org/sso/2.0</Type>
      <URI>http://mylid.net/liddemouser</URI>
    </Service>
    <Service>
      <Type>http://lid.netmesh.org/sso/1.0</Type>
    </Service>
  </XRD>
</xrds:XRDS>
If this Yadis document was returned, using one of the listed mechanisms, for a URL, it would express the following information:
- The URL is a Yadis identity URL
- This URL supports the OpenID protocol, through two servers and two delegates
- This URL supports version 1.0 and version 2.0 of the LID protocol, with a delegate
- The owner of this identity URL prefers to sign on using their LiveJournal account and the OpenID protocol (priority 10). If that is not possible (e.g. because a Relying Party does not support OpenID, or because the LiveJournal server is unavailable), they would like to use the LID URL http://mylid.net/liddemouser (priority 20), followed by the MyOpenID service (priority 50).
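How a relying party could derive that preference order from the document above, as an added example (not code from the article or from any Yadis implementation). The function names are hypothetical; treating a missing priority as least preferred and rejecting documents that carry a DTD are assumptions of this example.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"
OPENID_NS = "{http://openid.net/xmlns/1.0}"

# The capability document shown above, compacted.
SAMPLE = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
    xmlns:openid="http://openid.net/xmlns/1.0"><XRD>
 <Service priority="50"><Type>http://openid.net/signon/1.0</Type>
  <URI>http://www.myopenid.com/server</URI>
  <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate></Service>
 <Service priority="10"><Type>http://openid.net/signon/1.0</Type>
  <URI>http://www.livejournal.com/openid/server.bml</URI>
  <openid:Delegate>http://www.livejournal.com/users/frank/</openid:Delegate></Service>
 <Service priority="20"><Type>http://lid.netmesh.org/sso/2.0</Type>
  <URI>http://mylid.net/liddemouser</URI></Service>
 <Service><Type>http://lid.netmesh.org/sso/1.0</Type></Service>
</XRD></xrds:XRDS>"""

def _texts(svc, tag):
    return [(c.text or "").strip() for c in svc if c.tag == tag]

def ordered_services(xrds_text):
    """Return every Service as a dict, most preferred (lowest priority) first."""
    # The document comes from a URL the user supplied, so treat it as untrusted:
    # refuse DTDs up front to rule out entity-expansion tricks.
    if "<!DOCTYPE" in xrds_text:
        raise ValueError("DTD not allowed in a capability document")
    root = ET.fromstring(xrds_text)
    services = []
    for svc in root.iter(XRD_NS + "Service"):
        prio = svc.get("priority")
        services.append({
            "types": _texts(svc, XRD_NS + "Type"),
            "uris": _texts(svc, XRD_NS + "URI"),
            "delegate": (_texts(svc, OPENID_NS + "Delegate") or [None])[0],
            "priority": int(prio) if prio is not None else None,
        })
    # Assumption: a Service without a priority attribute sorts after all others.
    services.sort(key=lambda s: (s["priority"] is None, s["priority"] or 0))
    return services

def pick_service(xrds_text, supported_types):
    """First service, in preference order, whose Type the relying party supports."""
    for svc in ordered_services(xrds_text):
        if set(svc["types"]) & set(supported_types):
            return svc
    return None
```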
LID, OpenID and the developer community
Yadis was initiated by developers of the Light-Weight Identity (LID) and OpenID protocols: Johannes Ernst of NetMesh, and Brad Fitzpatrick and David Recordon of LiveJournal and Six Apart. This collaboration was then joined by members of the OASIS XRI Technical Committee, particularly those working on i-names.
However, as Yadis is an open initiative, it is hoped that other developers will start using Yadis's lightweight capability description. This would make possible a "mix and match" approach to building Yadis-enabled applications, letting application developers choose their own balance between ease of implementation on one hand and range of features on the other.