RelMeAuth

From Microformats Wiki
Revision as of 20:13, 22 April 2010 by Tantek (talk | contribs) (noted all independents have to do is use rel-me like they already are, link to profile sites supporting rel-me, list OAuth supporting sites)
Jump to navigation Jump to search

RelMeAuth is a proposed open standard for using rel-me links to profiles on OAuth supporting services to authenticate via either those profiles or your own site.

support RelMeAuth

independents

In general, all you have to do is just use rel="me". That's it! No odd new hidden meta tags or XML files.

The simple and common case:

Add rel="me" to links from your home page to your various profiles on other services. You're done.

If you prefer to have a separate contact page that links to your other profiles, then

  1. add rel="me" to links from your contact page to those other profiles
  2. add rel="me" to the link from your home page to your contact page

examples in the wild

simple home page

http://tantek.com/ has (simplified markup)

<ul>
<li><a rel="me" href="http://twitter.com/t">Twitter: @t</a></li>
<li><a rel="me" href="http://identi.ca/t">identi.ca: t</a></li>
</ul>
separate contact page

http://adactio.com/ has (simplified markup)

<ul>
<li><a rel="me" href="/journal/">Journal</a></li>
<li><a rel="me" href="/contact/">Contact</a></li>
</ul>

and then also:

http://adactio.com/journal/ has (simplified markup)

<ul>
<li><a rel="me" href="http://huffduffer.com/adactio/">Huffduffer</a></li>
<li><a rel="me" href="http://twitter.com/adactio/">Twitter</a></li>
<li><a rel="me" href="http://adactio.tumblr.com/">Tumblr</a></li>
<li><a rel="me" href="http://www.last.fm/user/adactio/">Last.fm</a></li>
<li><a rel="me" href="http://www.dopplr.com/traveller/adactio/public">Dopplr</a></li>
<li><a rel="me" href="http://www.vimeo.com/user196031">Vimeo</a></li>
<li><a rel="me" href="http://ffffound.com/home/adactio/found/">Ffffound</a></li>
<li><a rel="me" href="http://readernaut.com/adactio">Readernaut</a></li>
<li><a rel="me" href="http://97bottles.com/people/adactio/">97 Bottles</a></li>
</ul>

authentication preference

If you have a specific preference for what service(s) to authenticate with, just make sure that you list links to your profiles on those other services in preference order (on your home page or contact page as described above).

profile sites

Any social network site or similar site that has user profile pages should:

  1. provide a user interface for a user to enter and publicly publish a URL back to their home page
  2. publish a visible link with rel="me" from user's profile page to their personal home page

Most site do this now.

See the list of profile sites that support rel="me" to at least one other personal site or profile.

authentication sites

Any site that wants to allow users to login with their credentials from that site on 3rd party sites should:

  1. Support OAuth

Sites that support both rel-me and are also OAuth end points:

sites needing a user login

Any site that wants to let users login with an identity should:

  1. provide a user interface for users to enter or choose their preferred online identity (e.g. their own URL)
  2. perform RelMeAuth authentication as described below


how it works

summary of RelMeAuth authentication

Summary of the RelMeAuth authentication algorithm

  • input: a user identity (e.g. URL) to authenticate
  • output: success or cancel authentication or no authenticatable URLs found
  1. start with a user identity URL (e.g from the UI, or from a cookie from previous login etc.)
  2. iterate through their outbound rel-me links on that URL
    1. if
      1. a rel-me destination is up (HTTP Get succeeded, following any redirects)
      2. and rel-me links back to user's site
      3. and has OAuth endpoint
      4. then do OAuth authentication
      5. if authentication succeeded, you're done, the user has been been authenticated with the user identity URL, exit
      6. if it was rejected, the user canceled, thus cancel the entire authentication process, exit
    2. continue iteration with the next rel-me link if any
  3. no authenticatable URLs found (either none at all, or any provided had some other error, 404, no response, no OAuth endpoint, other OAuth error)

history

On 2010-02-01 Tantek introduced the basis for and Jeff Lindsay suggested the name for RelMeAuth.

In a follow-up Tantek suggested the following simple protocol for RelMeAuth:

RelMeAuth works for any #OAuth + rel-me site, and enables auto-fallback with use of alternate identities for authentication:

  1. user enters their site URL
  2. iterate through their outbound rel-me links
  3. if
    1. a rel-me destination is up, and
    2. rel-me links back to user's site, and
    3. has OAuth endpoint,
    then do OAuth authentication.

Thus user links to their RelMeAuth profiles in preference order, and authentication code tries them in order. e.g. Twitter, Identi.ca, ... etc.