[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] trusted discovery workflow
On Thu, Dec 4, 2008 at 10:01 AM, Dirk Balfanz <balfanz@google.com> wrote: > - it would be nice if you stated explicitly what the inputs and outputs of > the algorithm are. I believe they are the following: > > input: (Reference R, KeyIdentifier currentAuthority) > output: Reference (is Null if trust cannot be established) > > - currentReference is never used inside the loop Thanks, fixed. > (1) How do we get the Authoritative Key for a reference before dereferencing it? I think that's a separate discussion from the discovery work flow. Deciding which Keys are trusted for which references is going to be highly dependent on individual applications of discovery. (Possible solutions are https style key discovery or pairwise key exchange based on signed contracts or the canonical id proposal in the XrdOne/SimpleSign wiki.) > (2) Could we simplify the algorithm by assuming that authentication means > delegation? I.e., if I don't want to delegate to a different authority, I > don't sign my reference. If I _do_ want to delegate, then I sign it. And the > place I'm forwarding to _is_ the authority to which I'm delegating. No. Authenticated data is useful even if it doesn't delegate. For example, signing metadata about an OpenID signon URL does not imply additional delegation.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]