Subject: Re: [xri] trusted discovery workflow
On Thu, Dec 4, 2008 at 10:01 AM, Dirk Balfanz <balfanz@google.com> wrote:
> - it would be nice if you stated explicitly what the inputs and outputs of
> the algorithm are. I believe they are the following:
>
> input: (Reference R, KeyIdentifier currentAuthority)
> output: Reference (is Null if trust cannot be established)
>
> - currentReference is never used inside the loop

Thanks, fixed.

> (1) How do we get the Authoritative Key for a reference before dereferencing it?

I think that's a separate discussion from the discovery work flow.
Deciding which Keys are trusted for which references is going to be
highly dependent on individual applications of discovery. (Possible
solutions are https style key discovery or pairwise key exchange based
on signed contracts or the canonical id proposal in the
XrdOne/SimpleSign wiki.)

> (2) Could we simplify the algorithm by assuming that authentication means
> delegation? I.e., if I don't want to delegate to a different authority, I
> don't sign my reference. If I _do_ want to delegate, then I sign it. And the
> place I'm forwarding to _is_ the authority to which I'm delegating.

No. Authenticated data is useful even if it doesn't delegate. For
example, signing metadata about an OpenID signon URL does not imply
additional delegation.