OASIS Mailing List Archives: xri message


Subject: Re: [xri] Secure XRD Proposals


That is one way that we could have a single document that contained a base64 encoded version of the XRD and a text XML version.

It can all be processed as XML safely.

Effectively it is SAML Simple Sign with the HTTP POST encoding replaced by XML, to allow an unencoded XRD to be included for apps not interested in processing the sig.

The big problem is that it changes the namespace.

If we use something other than XML to encode the two versions of the XRD and the sig that will increase the complexity of the client in processing it.

Our thought was that as they have XML processing anyway keep with it.

If we are going to introduce another wrapper then something like S/MIME or even HTML post encoding come to mind as options.

Just because the XRD won't be passed as a post doesn't mean that we can't encode it that way.

I am not super attached to the SXRD proposal but it is useful for comparison of the options.

=jbradley


On 18-Dec-08, at 1:22 PM, Sakimura Nat wrote:

That's Brian and John's proposal, so I would like to defer it to them for an authoritative answer.

________________________________________
From: Peter Davis [peter.davis@neustar.biz]
Sent: December 18, 2008 22:00
To: Sakimura Nat
CC: xri@lists.oasis-open.org
Subject: Re: [xri] Secure XRD Proposals

Out of curiosity, what was the motivation for the introduction of the
SXRD element for the signature in proposal 1?

=peterd

On Dec 17, 2008, at 8:54 PM, n-sakimura@nri.co.jp wrote:

Hi

I have created a page:

http://wiki.oasis-open.org/xri/XrdOne/SecureXrd

It is the result of some private message exchange among me, Brian
and John.

If we were to forget about the backward compatibility to XRDS2.0, I
personally like 1.2 SAML POST Simple Sign Binding style.

Otherwise, I like 1.3 Backward Compatible XRD.

A related but separate topic besides the format is whether to include
SigAlg in a signed material. XML Sig calls for SigAlg to be included
in the signed material citing weak algorithm attack. Then, there is
an argument that while theoretically interesting, the real risk is
very small.

Please discuss this as well.

Actually, if we take 1.2 SAML Simple Sign Style, we can get SigAlg
outside of XRD and still sign it, so it is quite nice.

Peter Davis: NeuStar, Inc.
Director & Distinguished Member of the Technical Staff
45980 Center Oak Plaza Sterling, VA 20166
[T] +1 571 434 5516 [E] peter.davis@neustar.biz [W] http://www.neustar.biz/
 [X] xri://@neustar*pdavis [X] xri://=peterd
The information contained in this e-mail message is intended only for
the use of the recipient(s) named above and may contain confidential
and/or privileged information. If you are not the intended recipient
you have received this e-mail message in error and any review,
dissemination, distribution, or copying of this message is strictly
prohibited. If you have received this communication in error, please
notify us immediately and delete the original message.
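
An added example, not part of the thread or of any proposal on the wiki page: a Simple Sign style envelope in which SigAlg sits outside the XRD but inside the signed octets, checked by a verifier that pins the algorithms it accepts. The `XRD=...&SigAlg=...` layout, the field names, the sample XRD, and HMAC standing in for a public-key signature are all assumptions.

```python
import base64
import hashlib
import hmac

# Real XML-DSig algorithm URIs. HMAC is a stand-in (assumption) for the
# public-key signature an XRD publisher would actually use.
SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
DIGESTS = {SHA256: hashlib.sha256, SHA1: hashlib.sha1}

# Constructed sample document.
SAMPLE_XRD = b"<XRD><Subject>http://example.com/</Subject></XRD>"


def signed_octets(xrd_bytes, sig_alg):
    # Hypothetical layout modelled on Simple Sign: the algorithm URI travels
    # outside the XRD but inside the octets that get signed.
    return b"XRD=" + xrd_bytes + b"&SigAlg=" + sig_alg.encode("ascii")


def sign(key, xrd_bytes, sig_alg=SHA256):
    mac = hmac.new(key, signed_octets(xrd_bytes, sig_alg), DIGESTS[sig_alg])
    return {
        "xrd_b64": base64.b64encode(xrd_bytes).decode("ascii"),
        "sig_alg": sig_alg,
        "sig": base64.b64encode(mac.digest()).decode("ascii"),
    }


def verify(key, env, allowed=frozenset({SHA256})):
    """Return the verified XRD bytes, or None if the envelope is rejected."""
    alg = env.get("sig_alg")
    if alg not in allowed or alg not in DIGESTS:
        return None  # verifier policy, not the message, picks the algorithm
    try:
        xrd_bytes = base64.b64decode(env["xrd_b64"], validate=True)
        sig = base64.b64decode(env["sig"], validate=True)
    except (KeyError, TypeError, ValueError):
        return None  # missing field or malformed base64
    expected = hmac.new(key, signed_octets(xrd_bytes, alg), DIGESTS[alg]).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    # Parse these bytes, never an unsigned plain-text copy of the XRD.
    return xrd_bytes
```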
