[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] trusted discovery workflow
On Thu, Dec 4, 2008 at 12:06 PM, Drummond Reed <drummond.reed@cordance.net> wrote: > From a first read-through, it looks like XRI 2.0 trusted resolution using > SAML signatures as defined in section 10.2 of [1] conforms to your > algorithm. (I'm not at all suggesting we use that for XRD since it was > complex enough that there was only one early implementation.) I'm just > testing my understanding of the algorithm you are proposing for "signed > links". They definitely have some similarities. In particular the sentence... "If the digital signature enveloped by the SAML assertion contains a ds:KeyInfo element, the resolver MAY reject the signature if this key does not match the signer's expected key as specified by the ds:KeyInfo element present in the XRD Descriptor that was used to describe the current authority." ... makes me think that there is a similar concept of delegation happening. I'm not 100% sure of that, though.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]