PHP, Zend Framework and Other Crazy Stuff
Archive for February, 2007
Zend_Service_Yadis Proposal
Feb 22nd
As part of the overall OpenID support goal, I have just formalised my proposal to support a Yadis Service in the Zend Framework and added to the ZF Wiki. If you wish to review and comment, the url is: Zend Framework Proposals: Zend_Service_Yadis - Pádraic Brady. If you don’t have a Wiki account you can add your comments to this blog entry.
The current approach focuses exclusively on the URL. I know there has been lots of progress regarding XRI, i-names, ILI and even an SMTP extension to Yadis however these will be dealt with once the main specification is implemented assuming demand and providers exist. Of course this all assumes the Proposal will even be approved 
. As some are aware the roadmap to Zend Framework 1.0 is very tight, so my main aim is get the proposal to the Laboratory stage along with a few others I’ll propose in coming days and weeks.
Post 1.0 should hopefully see these components then reaching the Incubator within Zend Framework releases. In the meantime I’ll be setting up a more independent Subversion repository - a lot of the code has been occupying a QGL branch for convenience sake to date.
Edit: The initial source code is now being committed to http://svn.astrumfutura.org/zendframework/trunk/library/Zend/Service/, so you can export the entire trunk tree to see how it all fits together. Just be aware only the main service class is remotely finished and awaiting its unit testing.
Yadis: Service Discovery for Identities like OpenID (Part 2)
Feb 21st
Service Descriptions - The Yadis Resource Descriptor (XRD)
After all this fuss and running about, it’s easy to miss the point of Yadis - getting that final Yadis XRD document that describes the Services associated with a given ID. Sticking with our OpenID example, we know that in order to start authenticating a user on an OpenID Server, we need a few bits of information:
1. The OpenID Server URL; the URL to which HTTP requests will be made.
2. The OpenID Delegate: The ID of the current user on the OpenID Server (not their alias!)
3. The OpenID Service Types offered: For OpenID, this can include Signon 1.0, Signon 1.1 and Simple Registration (sreg) 1.0.
Here’s an example XRD document a website might fetch when performing Service Discovery:
[geshi lang=xml]
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
[/geshi]
I’ll skip the details of parsing XML - you can use PHP dom or SimpleXML in PHP5. The XML document follows the XRD format, included in a current OASIS specification. At it’s most basic, the XRD document (noting these requirements are for Yadis 1.0 only) must contain a single XRD element composed of one or more Service elements. Each Service element defines a Service, as detailed in its child Type elements.
The Type element must always contain a valid URL or XRI (don’t worry yet about the XRI bit - it’s a proposed addition compatible with the current URI and IRI specifications). The URL should point to a Service specification, and contain a Version. If you check above, our example OpenID Provider is offering Signon 1.0-1.1 and Simple Registration 1.0.
The URI element must contain a valid URL - this is the URL the services described by the Type values are provided from, i.e. it’s where a website supporting OpenID logins would send its association and/or authentication requests.
Finally, there is an optional element “openid:Delegate”. This namespaced element contains the OpenID URL a user’s OpenID Provider knows them as (remember, any other URL can be an alias but the OpenID Provider does not know or care about such aliases).
Conclusion
At the end of this Yadis introduction, I’ll refer anyone who’s stuck with it to the official Yadis Specification 1.0. It’s not a huge document, but has a few nuances I’ve likely skipped mentioning.
http://yadis.org/papers/yadis-v1.0.pdf
Next up I’ll jump into the details of OpenID!
