Re: [xri] trusted discovery workflow

[John Bradley <jbradley@mac.com>]

In XRI trusted resolution the chain follows the subsegments in the first segment.

For the XRI @google*jbradley  the @ registry provides an Authority SEP for retrieving the @google XRD and @Google's XRD provides the Authority SEP to retreve *jbradley's XRD 

The signing delegation followed the XML resolution chain.  The XRI resolver takes the multiple signed XRD documents retrieved and creates an XRDS from them to return to the client.  

If the client has asked for the XRDS rather than just the final XRD the client has all it needs to walk the trust chain from @ via the certs.

=jbradley

On 5-Dec-08, at 12:41 PM, Brian Eaton wrote:

On Thu, Dec 4, 2008 at 10:57 PM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:

The authenticity of individual XRD can be estabilished by just inspecting it

through SimpleSign.

(See SimpleSign proposal how it is so.)

The XRD document points to another resource with its own XRD for a service.

This may be pointing to yet another resource with its own XRD, etc., so it

creates a chain.

What this TrustWrokflow is trying to achieve is to evaluate the authenticity

of this chain.

(This actually is what XRI Trusted Resolution 2.0 tried to solve.)

Is this correct?

Yes, it is.

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php