What is Yadis
What is Yadis, exactly?
Given an identity URL and no other information, how do we know what protocol needs to be used to authenticate that a user? Yadis is a service discovery system allowing relying parties (aka identity consumers or membersites) to determine automatically, without end-user intervention, the most appropriate protocol to use.
Examples of such services are:
- Single sign-on across web sites
- Profile exchange and form filling
- Blog anti-spam
Yadis provides the first step for any service that uses identifiers for authentication, accountability, privacy controlled data exchange and more.
Identity URLs? What?
There are several projects concurrently working towards decentralised identity or single sign-on. Many of these use URLs as identifiers. Yadis was initiated by the leaders of the LID and OpenID projects.
After the Yadis session at the October 2005 Internet Identity Workshop, the XRI folks working on i-names joined the effort as well. Yadis is applicable to any URL-based identity system, such as Sxip or mIDm, and by no means is tied to OpenID, LID, or XRI. For more information, please take a look at the individual project sites and at the Yadis FAQ.
What does Yadis do for me?
The Yadis specification provides:
- A general purpose identifier for persons and any other entities, which can be used in a variety of services.
- A syntax for a resource description document identifying services available using that identifier and an interpretation of the elements of that document.
- A protocol for obtaining that resource description document, given that identifier.
Together these enable coexistence and interoperation of a rich variety of services using a single identifier. The identifier uses a standard syntax and a well-established namespace; it requires no additional namespace administration infrastructure.
When a User offers a Yadis ID to a Relying Party, that Relying Party will want to discover which services are available using that Yadis ID.
- Is it an OpenID URL, an XRI, a LID or a Sxip ID?
- What authentication methods are available?
- What other services?
How does Yadis work?
The purpose of the Yadis protocol is to enable a Relying Party to obtain a Yadis Resource Descriptor that describes the services available using a Yadis ID.
Overview of the Yadis Protocol
To discover which services are available using a Yadis ID, the Relying Party Agent makes an HTTP request. This request may take any one of several forms, specified in Clause 6.2.3 of the Yadis Specification.
In response to the request, the Relying Party Agent obtains either:
- A Yadis document.
- A URL that locates a Yadis document.
The Yadis document contains a Yadis Resource Descriptor, which identifies the services available using that Yadis ID, including services that can authenticate the User.
Overview of the Yadis document
The Yadis document is based on a simple, extensible XML document called an Extensible Resource Descriptor (abbreviated 'XRD'). The format of XRD documents is being specified by the XRI Technical Committee of OASIS (see the XRI Resolution 2.0 specification.) The XML schemas for the Yadis document are specified in Clause 7.5 of the Yadis Specification.
The Yadis document contains a Yadis Resource Descriptor, which provides a list of identifiers of services. These are the services that know the User identified by the Yadis ID used to obtain the Yadis document.
In the case of some services, additional data is included in the Yadis Resource Descriptor for use by the Relying Party Agent in making a request to that service. Such additional data is not specified in the Yadis Specification but is specified in the definition of that service.
The Yadis Resource Descriptor also enables the User to specify which services it prefers be used.