Yadis Frequently Asked Questions (FAQ)
- What is Yadis, exactly?
- Given an identity URL and no other information, how do we know what protocol needs to be used to authenticate that user? Yadis is a service discovery system allowing relying parties (aka identity consumers or membersites) to determine automatically, without end-user intervention, the most appropriate protocol to use.
Examples of such services are:
- Single sign-on across web sites
- Profile exchange and form filling
- Blog anti-spam
Yadis provides the first step for any service that uses identifiers for authentication, accountability, privacy controlled data exchange and more.
- Identity URLs? What?
There are several projects concurrently working towards decentralised identity or single sign-on. Many of these use URLs as identifiers. Yadis was initiated by the leaders of the LID and OpenID projects.
After the Yadis session at the October 2005 Internet Identity Workshop, the XRI folks working on i-names joined the effort as well. Yadis is applicable to any URL-based identity system, such as Sxip or mIDm, and by no means is tied to OpenID, LID, or XRI. For more information, please take a look at the individual project sites and at the Yadis FAQ.
- What does Yadis do for me?
The Yadis specification provides:
- A general purpose identifier for persons and any other entities, which can be used in a variety of services.
- A syntax for a resource description document identifying services available using that identifier and an interpretation of the elements of that document.
- A protocol for obtaining that resource description document, given that identifier.
- How does Yadis work?
- The purpose of the Yadis protocol is to enable a Relying Party to obtain a Yadis Resource Descriptor that describes the services available using a Yadis ID.
- Overview of the Yadis Protocol
To discover which services are available using a Yadis ID, the Relying Party Agent makes an HTTP request. This request may take any one of several forms, specified in Clause 6.2.3 of the Yadis Specification.
In response to the request, the Relying Party Agent obtains either:
- A Yadis document.
- A URL that locates a Yadis document.
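One way a Relying Party Agent could tell these two outcomes apart, as an added example (not code from the Yadis project). The `X-XRDS-Location` header, its `<meta http-equiv>` form and the `application/xrds+xml` media type come from the Yadis Specification rather than from this FAQ; the function names and sample URLs are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

XRDS_MIME = "application/xrds+xml"
XRDS_HEADER = "x-xrds-location"

class _MetaFinder(HTMLParser):
    """Finds <meta http-equiv="X-XRDS-Location" content="..."> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.location = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == XRDS_HEADER:
            self.location = self.location or a.get("content")

def _checked(url):
    # The location comes from a page named by the end user, so treat it as
    # untrusted: accept only absolute http(s) URLs before any second fetch.
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("unusable Yadis document location: %r" % url)
    return url

def classify_response(headers, body):
    """Return ("document", body) or ("location", url) for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype == XRDS_MIME:                      # the Yadis document itself
        return ("document", body)
    if XRDS_HEADER in h:                        # pointer in a response header
        return ("location", _checked(h[XRDS_HEADER].strip()))
    finder = _MetaFinder()                      # pointer inside the HTML head
    finder.feed(body)
    if finder.location:
        return ("location", _checked(finder.location.strip()))
    raise ValueError("no Yadis document or location in response")
```

The scheme check only narrows what the second request can target; restricting which hosts the agent may contact is a separate control that this block does not implement.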
- Overview of the Yadis document
- The Yadis document is based on a simple, extensible XML document called an Extensible Resource Descriptor (abbreviated 'XRD'). The format of XRD documents is being specified by the XRI Technical Committee of OASIS (see the XRI Resolution 2.0 specification). The XML schemas for the Yadis document are specified in Clause 7.5 of the Yadis Specification. The Yadis document contains a Yadis Resource Descriptor, which provides a list of identifiers of services. These are the services that know the User identified by the Yadis ID used to obtain the Yadis document. In the case of some services, additional data is included in the Yadis Resource Descriptor for use by the Relying Party Agent in making a request to that service. Such additional data is not specified in the Yadis Specification but is specified in the definition of that service. The Yadis Resource Descriptor also enables the User to specify which services it prefers to be used.
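How a relying party might read such a document and honour the User's preference order, as an added example (not the Yadis project's code). It assumes the XRD 2.0 namespace and `priority` attribute from the XRI Resolution specification (lower number preferred, missing priority last) and that the last `XRD` element is the Yadis Resource Descriptor; the sample document, its type and endpoint URIs, and the function names are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"    # XRD 2.0 namespace in ElementTree notation
MAX_CHARS = 64 * 1024             # assumed size cap for a fetched document

def load_services(raw):
    """Parse an untrusted Yadis document into services, most preferred first."""
    text = raw.decode("utf-8")    # strict decode: anything else is rejected
    if len(text) > MAX_CHARS or "<!DOCTYPE" in text:
        raise ValueError("oversized document or DTD present")  # no entity definitions
    xrds = ET.fromstring(text).findall(XRD + "XRD")
    if not xrds:
        raise ValueError("no XRD element")
    services = []
    for svc in xrds[-1].findall(XRD + "Service"):  # assumption: last XRD is the descriptor
        prio = svc.get("priority")
        uris = [u.text.strip() for u in svc.findall(XRD + "URI") if u.text]
        services.append({
            "priority": int(prio) if prio and prio.isdigit() else float("inf"),
            "types": [t.text.strip() for t in svc.findall(XRD + "Type") if t.text],
            "uris": [u for u in uris if urlsplit(u).scheme in ("http", "https")],
        })
    return sorted(services, key=lambda s: s["priority"])  # stable; ties keep document order

def choose(services, supported):
    """First service, in the User's order, whose type the relying party supports."""
    for svc in services:
        if set(svc["types"]) & set(supported):
            return svc
    return None

# Constructed sample document; type and endpoint URIs are illustrative values.
SAMPLE = b"""<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://openid.example/server</URI>
    </Service>
    <Service priority="10">
      <Type>https://types.example/lid-sso</Type>
      <URI>https://me.example/</URI>
      <URI>ftp://files.example/profile</URI>
    </Service>
    <Service><Type>https://types.example/profile</Type></Service>
  </XRD>
</xrds:XRDS>"""
```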
- Would it be reasonable to use Yadis for non-identity service discovery?
- Absolutely. For example, you can consider the frequent "link" headers in HTML to be a shorthand for full YADIS, just like OpenID's openid.* tags in HTML have been re-explained as shorthands for entries in a proper YADIS file. YADIS files can be considered collections of metadata for URLs, and because YADIS is an extensible format, just about any metadata can be represented. Without extensions, the basic structure is that each URL can have N services associated with it, each of which has one or more service types. For example, one service type might be "this is how you add content to this page", another "this is where you find the FOAF file that goes with this identity URL."
- Can Yadis support non-URL based identifiers, such as i-names?
- Yes, i-names are resolvable to URLs.
- Can Yadis be abused by phishers?
- Yadis itself doesn't really add to or reduce security; the integrated identity systems (such as LID, OpenID) are responsible for security including anti-phishing measures.
- If all I want is OpenID, what does Yadis actually add?
- As an end-user, you will be able to enter your OpenID URL into a Yadis-enabled server and have the server automatically detect that the URL is an OpenID identifier and, assuming it supports OpenID, go ahead and do the authentication with no further questions.
- If all I want is LID, what does Yadis actually add?
- As an end-user, you will be able to enter your LID URL into a Yadis-enabled server and have it automatically detect that the URL is a LID identifier and, assuming it supports LID, go ahead and do the authentication with no further questions.
- If I have a current OpenID or LID implementation, what is the minimum amount of work I need to do to be Yadis-compliant?
- You create an XRDS file that describes the feature(s) in your implementation. You reference the URL of that XRDS file when your identity URL is accessed. That's it.
- What are the *real* problems Yadis is going to solve, and how?
- A Yadis-enabled server provides a single box to enter your Yadis ID. You enter http://me.somewhere.com/ into the box. How do we know what kind of identifier it is? It might be an OpenID, LID or some other kind of Yadis ID.