Explaining Discovery

Talking about XRDS-Simple the past few days, I realized that much of the confusion comes from a complete lack of real-world examples. Since the goal of the specification is to define a framework, not to instruct how individual use cases should be implemented, it is somewhat limited in its allowed scope. The biggest challenge in explaining XRDS-Simple is the wide range of use cases people expect it to solve. Just like other languages, the same idea can be expressed by XRDS-Simple in many ways, which is at the core of this extremely open and expendable format.

Focusing on the current themes of openness, the conversation around discovery really boils down to three use cases: identity discovery, resource discovery, and service discovery. Identity discovery focuses on finding out more about an individual from their URL identifier, a pattern established by OpenID and Microformats. Resource discovery allows attaching metadata to HTTP resources to offer more information about the resource that may not be represented by the resource itself. Service discovery describes a set of resources with a common context, providing a machine-readable inventory or big-picture overview.

While all three discovery types use the same technologies to implement them, their unique characteristics demand that they will be approached separately. The easiest way to explain the differences between these three discovery use cases is to give examples to questions they try to answer:

  • Identity Discovery – Who is this person? How to verify his or hers identity? Where is their online content stored? What social networks they use? What blogs do they read? Where is their profile photo stored? Where is their address book? What other identities do their have? How would they like to be contacted?
  • Resource Discovery – What API standards it supports? What is its authorization schema? Does it support OAuth? How should its content be embedded in another page? Who is the author? What is the copyright or license associated with it?
  • Service Discovery – What kind of endpoints and resources does the service provide? How to find out more about a member of the service given a username?

Over the next few days I will publish a series of post titled ‘Beginner’s Guide to Discovery’. This tutorial will use real-world examples to demonstrate how HTTP, Microformats, and XRDS-Simple works together to enable discovery, and how they might be used to solve real problems. It is not a complete reference, nor is it trying to create an authoritative implementation manual. It will be published in multiple parts, with the first few covering Identity Discovery and Resource Discovery.

6 thoughts on “Explaining Discovery

  1. Very good introduction to Discovery!
    One thing puzzles me:
    Why should a Relying Party start discovery towards the OpenID? Can we assume the RPs doing that?
    Shall the RP run a discovery procedure every time a new user registers?
    Is there any standard way to for the OpenID Provider to “signal” to the RP that it offers discoverable services?

  2. @Adrian: I am not sure I understand your questions but discovery is performed by the entity looking to find out more about the resource. In the case of OpenID, the entity is the Relaying Party and the resource is whatever URL the user used which can be any web page. The web page itself isn’t able to authenticate the user, but its metadata points in the right direction.

Comments are closed.