[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] RE: [xri-editors] RE: Trusted resolution
[reposted from xri-editors list] Sorry, behind on email due to liberty meeting in helsinki I generally agree with this statement, but wanted to probe a bit on the access control and confidentiallity part. while i agree we should not presribe an explicit normative spec for these, i think we may want to publish a non-normative advisory on potiential risks and likely PEP, PDP, PIP points in the resolution stack. thoughts? --- peterd Dave McAlpin wrote: >I had an action item to provide alternative text for section 4.9 of the >requirements doc. Here's my proposal. Note that I explicitly exclude access >control and don't comment on client side authentication (i.e. the ability of >the resolver to trust the identity of the resolution requester). Is that ok >or do we need to deal with those issues as well? > >The XRI specification must ensure that the specified resolution mechanism(s) >can be extended to provide trusted resolution. Trusted resolution in this >context means the relying party (i.e. the party requesting resolution) can >trust that the result of resolution is correct as defined by the resource's >controlling identifier authority. Specification of the actual mechanism for >trusted resolution may be outside the scope of this TC. Data confidentiality >and access control are explicitly outside the scope of this requirement. > >Dave > > > >You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/xri/members/leave_workgroup.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]