Friday, December 05, 2008

Firefox XRD Extension

Even so progress is slow sometimes...
Sometimes things actually move forward.
Based on the discussion at IIW and the former posts I started to write an extension for Firefox that allows users to see the XRDS provided by a site.

I see this as a further step to get IDentity In the Browser. But not only "openid in the browser" but much more.
First let's see how this looks.


Even if you have this new "xrds_pageinfo.xpi" extension installed and visit a site that provides xrds then there is at first not much to see. The site's XRDS is not visible to the user. And that is good as it is. The normal user is not interested in some xml file. The services described in the file matter.

Well. All my new Firefox extension currently does for the user is to show just that xml. Click on the favicon of the site and you will see something like this:


But there is more to come and there is more under the hood. The extension implements a component in javascript that allows other extensions to access the discovered XRDS and add/remove handler for services defined in the XRDS.

The current interface definition for the component is:
[function, scriptable, uuid(13e630b8-3f41-456b-ae26-c30b201c8f99)]
interface IXrdsServiceHandler : nsISupports
        boolean handle(in nsIDOMElement service, in nsIDOMDocument doc);
[scriptable, uuid(DDD9BC02-D964-4bd5-B5BC-943E483C6C57)]
interface IXrdsComponent : nsISupports
  void addServiceHandler(in ACString xrdsServiceType, in IXrdsServiceHandler aXrdsServiceHandler);
  void removeServiceHandler(in ACString xrdsServiceType, in IXrdsServiceHandler aXrdsServiceHandler);
  IXrdsServiceHandler iterator(in ACString xrdsServiceType);
  long getHandlerCount(in ACString xrdsServiceType);
  IXrdsServiceHandler getHandlerByIndex(in ACString xrdsServiceType, in long index);

  void addXrdsForSite(in ACString site, in AUTF8String xrds);
  AUTF8String getXrdsForSite(in ACString site);

This interface definition will change. But after I have integrated this into the openinfocard identity selector and after feedback from the other XRD-enthusiasts and perhaps integration into "openid in the browser" I expect something stable no so far away.

What next?
  • provide some useful GUI
    • it should be possible to click on a button and this will retrieve the privacy policy of the relying party or openid consumer if that service is defined by the XRDS.
    • click and the Information Card selector starts and your chosen claims will be send to the RP.
    • click and your openid attributes are retrieved and provided (without stealable credentials being involved).
    • click and the browser opens the page where you can edit your data.
    • click and the browser opens the page that lets you terminate the relation to this site.
    • click and you can present your voucher.
    • click and you are a new customer with verified claims.
  • integrate with openinfocard id selector
  • integrate with IDIB
  • standardize all this
    • standardize service types
    • standardize this usage of XRDS for relying parties, openid consumers, webshops, whatever
    • There are many open questions. Implementing this and defining service types etc is fruitless if there is no (industry) standard.

I hope that I can work in the OASIS TC(s) relevant to this. Currently it looks like joining is next to impossible. I spare you the details.

I would like to end with something positive... So please find the Firefox extension here. Please send suggestions to
Happy Xrd-ing. -Axel


Enrique said...

Looks interesting. We will keep an eye on it

MattE said...

Hi Axel,

I have been experimenting with the openinfocard code to test some stuff about which I am hoping to write my thesis at the University of Cape Town.

I am having a couple of issues which I have documented on the project here

I would really value any pointers you might be able to give me. I could describe my specific interest in more detail, if necessary. Thanks

Incidentally, I see you work for Deutsche-Telekom, my studies are being subsidized by T-Systems in South Africa (a D-T subsidiary).