Bypassing Domain Discovery Errors in OpenID

As part of their OpenID process, some providers require the relying party to implement a domain discovery mechanism for when an end user transitions through the authentication screens. If this mechanism is not in place, these providers display warning messages to the user stating that they could not verify the relying website. Figure 11-5 shows an example of this on Yahoo!.

Figure 11-5. Yahoo! OpenID authentication screen

Warning

Displaying domain discovery warnings in your OpenID process can dramatically increase the drop-off rate of users logging in through your site.

Depending on the provider that you are working with for your OpenID implementation, you may be required to create an XRDS domain verification file, which allows you to define yourself as the site owner and in turn allows the provider to verify your site.

Creating one of these documents is a multistep process that requires you to have access to the root of your domain. The XRDS file itself will be a short XML document with a custom content-type header applied.

Before we go through these steps, let’s look at what an XRDS file might look like. In this example, the XRDS file is saved as xrds.php.

<?php
header('Content-Type: application/xrds+xml');

$xrd = '<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)">' ...
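Before pointing a provider at the file, a site owner can check the served response the way a verifying provider would: correct content type, well-formed XRDS, and a return_to URL covered by an advertised URI. The following is an added example, not code from the book. The function names and the example.com sample document are constructed, and the Service/Type/URI layout and matching rules are taken from the OpenID 2.0 specification (sections 9.2.1 and 13), not from the truncated listing above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"  # OpenID 2.0, section 13
DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    u = urlsplit(url)
    return u.scheme.lower(), (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(u.scheme.lower())

def url_matches(return_to, endpoint):
    """return_to must share scheme, host and port with endpoint and sit at or below its path."""
    if _origin(return_to) != _origin(endpoint) or not _origin(endpoint)[1]:
        return False
    base = urlsplit(endpoint).path or "/"
    path = urlsplit(return_to).path or "/"
    return path == base or path.startswith(base if base.endswith("/") else base + "/")

def check_xrds(content_type, body, return_to):
    """Return the problems a provider could hit when verifying the site; empty means OK."""
    problems = []
    if content_type.split(";")[0].strip().lower() != "application/xrds+xml":
        problems.append("wrong content type: " + content_type)
    if "<!DOCTYPE" in body or "<!ENTITY" in body:  # refuse DTDs rather than expand entities
        return problems + ["DTD/entity declarations refused"]
    try:
        root = ET.fromstring(body.encode("utf-8"))
    except ET.ParseError as exc:
        return problems + ["not well-formed XML: %s" % exc]
    endpoints = [
        uri.text.strip()
        for svc in root.iter(XRD_NS + "Service")
        if any((t.text or "").strip() == RETURN_TO_TYPE for t in svc.findall(XRD_NS + "Type"))
        for uri in svc.findall(XRD_NS + "URI") if uri.text
    ]
    if not endpoints:
        problems.append("no return_to service advertised")
    elif not any(url_matches(return_to, e) for e in endpoints):
        problems.append("return_to not covered by any advertised URI")
    return problems

# Constructed sample document (example.com is a placeholder, not from the book).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="1">
    <Type>http://specs.openid.net/auth/2.0/return_to</Type>
    <URI>https://www.example.com/openid/</URI>
  </Service></XRD></xrds:XRDS>"""
```

An empty list from `check_xrds` means the response would pass these checks; a scheme mismatch (http versus https) or a return_to outside the advertised path is reported rather than silently accepted.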
