Re: [xri] trusted discovery workflow

[Brian Eaton <beaton@google.com>]

On Thu, Dec 4, 2008 at 10:01 AM, Dirk Balfanz <balfanz@google.com> wrote:
> - it would be nice if you stated explicitly what the inputs and outputs of
> the algorithm are. I believe they are the following:
>
>   input: (Reference R, KeyIdentifier currentAuthority)
>   output: Reference (is Null if trust cannot be established)
>
> - currentReference is never used inside the loop

Thanks, fixed.

> (1) How do we get the Authoritative Key for a reference before dereferencing it?

I think that's a separate discussion from the discovery work flow.
Deciding which Keys are trusted for which references is going to be
highly dependent on individual applications of discovery.  (Possible
solutions are https style key discovery or pairwise key exchange based
on signed contracts or the canonical id proposal in the
XrdOne/SimpleSign wiki.)

> (2) Could we simplify the algorithm by assuming that authentication means
> delegation? I.e., if I don't want to delegate to a different authority, I
> don't sign my reference. If I _do_ want to delegate, then I sign it. And the
> place I'm forwarding to _is_ the authority to which I'm delegating.

No.  Authenticated data is useful even if it doesn't delegate.  For
example, signing metadata about an OpenID signon URL does not imply
additional delegation.