Subject: RE: [xri] XRD trusted discovery workflow
Until yesterday, I had the impression that the Trust Workflow was trying to achieve it.

Generally speaking, it should be the naming authority that does this. That is, if it were http://example.com/alice and http://example.com/bob, then it should be example.com that signs this.

If the Trust Workflow does not cover this issue, then we have to create another proposal on it, though it is not essential for use cases like OpenID, where the authentication should happen over CID. Under this scenario, even if the mapping from an identity URI to XRD was insecure, the end result will not change. The attacker will be able to log in only with his CID.

=nat

________________________________________
From: Brian Eaton [beaton@google.com]
Sent: December 12, 2008 7:19
To: Sakimura Nat
CC: Dirk Balfanz; xri@lists.oasis-open.org
Subject: Re: [xri] XRD trusted discovery workflow

On Thu, Dec 11, 2008 at 2:11 PM, Sakimura Nat <n-sakimura@nri.co.jp> wrote:
> It is authoritative to the CID. For OpenID use case, that would be enough.
>
> There has to be another document that links URI to CID, similarly signed if we need the
> authenticity of the synonyms.

Yes, that's what I'm asking about. Who does that binding, where does it happen?