Re: [xri] Secure XRD Proposals

[Nat Sakimura <n-sakimura@nri.co.jp>]

Yes, but it would be nice if we can do in a same mechanism, or at least,
leverage on one another.

I have got a feeling that the hybrid model goes a long milage.

=nat

Eran Hammer-Lahav wrote:
> But there is no requirement for XRD and XRDS to use the same signature
> mechanism. I would be supportive if the XRDS schema will introduce the
> 64bit XRD value instead of XRD doing it. So XRD will use external
> signatures (the whole HTTP body) while XRDS will record those external
> bodies and potentially even the certificate chain and signature value
> itself.
>
> EHL
>
>
> On 12/18/08 2:11 PM, "Sakimura Nat" <n-sakimura@nri.co.jp> wrote:
>
>     Per service signature usecase may be theoretical, but XRI
>     resolution stands for per XRD signature usecase for an XRDS.
>
>     =nat
>     ------------------------------------------------------------------------
>     *差出人:* Eran Hammer-Lahav [eran@hueniverse.com]
>     *送信日時:* 2008年12月19日 6:21
>     *宛先:* Peter Davis; Brian Eaton
>     *CC:* Dirk Balfanz; Sakimura Nat; xri@lists.oasis-open.org
>     *件名:* Re: [xri] Secure XRD Proposals
>
>     Can you provide a “real world” use case?
>
>     EHL
>
>
>     On 12/18/08 12:50 PM, "Peter Davis" <peter.davis@neustar.biz
>     <UrlBlockedError.aspx> > wrote:
>
>
>
>         On Dec 18, 2008, at 2:47 PM, Brian Eaton wrote:
>
>         > On Thu, Dec 18, 2008 at 11:25 AM, Peter Davis
>         > <peter.davis@neustar.biz <UrlBlockedError.aspx> > wrote:
>         >> I can see use cases for each service element being signed.
>         This is
>         >> essentially the detached signature model provided in XMLDsig.
>         >
>         > What are those use cases?
>
>         circumstances where the relying party to the XRD needs to interact
>         with 'certified' providers of a given service, and establishing a
>         network connection to a bogus service is expensive/inefficient
>         (wrt
>         network usage), or might otherwise cause harm to either the
>         relying
>         party or the user.
>
>         In these cases, it is not sufficient to simply sign the set of
>         services, as there may be several certified entities (for either
>         identical services or different ones), and the XRD signature
>         is too
>         broad in scope for such circumstances.
>
>         =peterd
>
>
>         ---------------------------------------------------------------------
>         To unsubscribe from this mail list, you must leave the OASIS
>         TC that
>         generates this mail. Follow this link to all your TCs in OASIS at:
>         https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>