Re: [xri] <uri>element in <link> of XRD

[John Bradley <jbradley@mac.com>]

--Apple-Mail-587--530638379
Content-Type: multipart/alternative;
	boundary=Apple-Mail-586--530638474


--Apple-Mail-586--530638474
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

If as we discussed on the call yesterday cannonicalID becomes Subject   
as in "the subject of the XRD" then we should consider having  
SubjectType at the XRD level.

If the XRD is about the subject the type is really making a assertion  
about that subject.

If the value of SubjrctType is  "Person" then I am saying that the  
subject is an identifier for a person not a service etc.

I think this also works if the Subject is not explicitly stated in the  
XRD.

=jbradley

On 30-Jan-09, at 2:36 AM, Eran Hammer-Lahav wrote:

> It is (a) which does not guarantee that the descriptor of the  
> resource identified by the <URI> will have the value of the <URI> as  
> its subject. I know Brian has a similar requirement for his trust  
> proposal.
>
> Since this seems like a trust-related requirement, I will wait until  
> we have a more complete trust solution to comment on that.
>
> We still have an open question if the <ResourceType> element at the  
> <XRD> level should be called ResourceType or Type. At the <Link>  
> level we agreed on ResourceType.
>
> EHL
>
>> -----Original Message-----
>> From: Nat Sakimura [mailto:n-sakimura@nri.co.jp]
>> Sent: Thursday, January 29, 2009 7:28 PM
>> To: XRI TC
>> Subject: [xri] <uri>element in <link> of XRD
>>
>> Accroding to today's dicussion, it looks like XRD would look  
>> something
>> like:
>>
>> <XRD sig="URI of the signature file"
>> sigalg="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; certuri="pem file
>> location">
>>  <Subject>Unique_identifier</Subject>
>>  <SignerID>Unique_identifier</SignerID>
>>  <ResourceType>...</ResourceType>
>>  <link>
>>    <rel>My OpenID Provider</rel>
>>    <localid>mylocalid</localid>
>>
>> <ResourceType>http://specs.openid.net/auth/2.0/signon</ResourceType>
>>    <ResourceType>http://specs.openid.net/cx/1.0</ResourceType>
>>    <URI>https://example.com/server</URI>
>>  </link>
>>  <link>
>>    <rel>my age verification service</rel>
>>    <localid>...</localid>
>>    <ProviderID>https://sts.equifax.com/#20081203000000</ProviderID>
>>    <ResourceType>http://schemas.informationcard.net/@ics/age-18-or-
>> over/2008-11</ResourceType>
>>    <URI>https://sts.equifax.com/</URI>
>>  </link>
>> </XRD>
>>
>>
>> My question is
>>
>> (1) Does <URI> points to
>>      (a) Service Endpoint
>>      (b) XRD address of the Service
>>      (c) <Subject> in the XRD of the Service.
>>
>> If it is not (c), then it would be really nice to have
>> something like <Subject> at the <link> level so that
>> we can potentially test that the destination really is the
>> intended destination.
>>
>> =nat
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/ 
>> my_workgroups.php
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>


--Apple-Mail-586--530638474
Content-Type: text/html;
	charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">If as we&nbsp;discussed&nbsp;on =
the call&nbsp;yesterday&nbsp;cannonicalID becomes Subject &nbsp;as in =
"the subject of the XRD" then we should consider having SubjectType at =
the XRD level.<div><br></div><div>If the XRD is about the subject the =
type is&nbsp;really&nbsp;making a&nbsp;assertion&nbsp;about that =
subject.</div><div><br></div><div>If the value of SubjrctType is =
&nbsp;"Person" then I am saying that the subject is =
an&nbsp;identifier&nbsp;for a person not a service =
etc.</div><div><br></div><div>I think this also works if the Subject is =
not&nbsp;explicitly&nbsp;stated in the =
XRD.</div><div><br></div><div>=3Djbradley</div><div><br><div><div>On =
30-Jan-09, at 2:36 AM, Eran Hammer-Lahav wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div>It is =
(a) which does not guarantee that the descriptor of the resource =
identified by the &lt;URI> will have the value of the &lt;URI> as its =
subject. I know Brian has a similar requirement for his trust =
proposal.<br><br>Since this seems like a trust-related requirement, I =
will wait until we have a more complete trust solution to comment on =
that.<br><br>We still have an open question if the &lt;ResourceType> =
element at the &lt;XRD> level should be called ResourceType or Type. At =
the &lt;Link> level we agreed on =
ResourceType.<br><br>EHL<br><br><blockquote type=3D"cite">-----Original =
Message-----<br></blockquote><blockquote type=3D"cite">From: Nat =
Sakimura [<a =
href=3D"mailto:n-sakimura@nri.co.jp";>mailto:n-sakimura@nri.co.jp</a>]<br><=
/blockquote><blockquote type=3D"cite">Sent: Thursday, January 29, 2009 =
7:28 PM<br></blockquote><blockquote type=3D"cite">To: XRI =
TC<br></blockquote><blockquote type=3D"cite">Subject: [xri] =
&lt;uri>element in &lt;link> of XRD<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">Accroding to =
today's dicussion, it looks like XRD would look =
something<br></blockquote><blockquote =
type=3D"cite">like:<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">&lt;XRD =
sig=3D"URI of the signature file"<br></blockquote><blockquote =
type=3D"cite">sigalg=3D"<a =
href=3D"http://www.w3.org/2000/09/xmldsig#rsa-sha1";>http://www.w3.org/2000=
/09/xmldsig#rsa-sha1</a>" certuri=3D"pem =
file<br></blockquote><blockquote =
type=3D"cite">location"><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&lt;Subject>Unique_identifier&lt;/Subject><br></blockquote><blockquo=
te type=3D"cite"> =
&nbsp;&lt;SignerID>Unique_identifier&lt;/SignerID><br></blockquote><blockq=
uote type=3D"cite"> =
&nbsp;&lt;ResourceType>...&lt;/ResourceType><br></blockquote><blockquote =
type=3D"cite"> &nbsp;&lt;link><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&lt;rel>My OpenID =
Provider&lt;/rel><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&lt;localid>mylocalid&lt;/localid><br></blockquote><bloc=
kquote type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">&lt;ResourceType><a =
href=3D"http://specs.openid.net/auth/2.0/signon";>http://specs.openid.net/a=
uth/2.0/signon</a>&lt;/ResourceType><br></blockquote><blockquote =
type=3D"cite"> &nbsp;&nbsp;&nbsp;&lt;ResourceType><a =
href=3D"http://specs.openid.net/cx/1.0";>http://specs.openid.net/cx/1.0</a>=
&lt;/ResourceType><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&lt;URI><a =
href=3D"https://example.com/server";>https://example.com/server</a>&lt;/URI=
><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&lt;/link><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&lt;link><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&lt;rel>my age verification =
service&lt;/rel><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&lt;localid>...&lt;/localid><br></blockquote><blockquote=
 type=3D"cite"> &nbsp;&nbsp;&nbsp;&lt;ProviderID><a =
href=3D"https://sts.equifax.com/";>https://sts.equifax.com/</a>#20081203000=
000&lt;/ProviderID><br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&lt;ResourceType><a =
href=3D"http://schemas.informationcard.net/@ics/age-18-or-";>http://schemas=
.informationcard.net/@ics/age-18-or-</a><br></blockquote><blockquote =
type=3D"cite">over/2008-11&lt;/ResourceType><br></blockquote><blockquote =
type=3D"cite"> &nbsp;&nbsp;&nbsp;&lt;URI><a =
href=3D"https://sts.equifax.com/";>https://sts.equifax.com/</a>&lt;/URI><br=
></blockquote><blockquote type=3D"cite"> =
&nbsp;&lt;/link><br></blockquote><blockquote =
type=3D"cite">&lt;/XRD><br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">My question =
is<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">(1) Does &lt;URI> points to<br></blockquote><blockquote =
type=3D"cite"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(a) Service =
Endpoint<br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(b) XRD address of the =
Service<br></blockquote><blockquote type=3D"cite"> =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(c) &lt;Subject> in the XRD of the =
Service.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">If it is not =
(c), then it would be really nice to have<br></blockquote><blockquote =
type=3D"cite">something like &lt;Subject> at the &lt;link> level so =
that<br></blockquote><blockquote type=3D"cite">we can potentially test =
that the destination really is the<br></blockquote><blockquote =
type=3D"cite">intended destination.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">=3Dnat<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">------------------------------------------------------------=
---------<br></blockquote><blockquote type=3D"cite">To unsubscribe from =
this mail list, you must leave the OASIS TC =
that<br></blockquote><blockquote type=3D"cite">generates this mail. =
&nbsp;Follow this link to all your TCs in OASIS =
at:<br></blockquote><blockquote type=3D"cite"><a =
href=3D"https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups=
.php">https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.p=
hp</a><br></blockquote><br><br>-------------------------------------------=
--------------------------<br>To unsubscribe from this mail list, you =
must leave the OASIS TC that<br>generates this mail. &nbsp;Follow this =
link to all your TCs in OASIS at:<br><a =
href=3D"https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups=
.php">https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.p=
hp</a><br><br></div></blockquote></div><br></div></body></html>=

--Apple-Mail-586--530638474--

--Apple-Mail-587--530638379
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGrzCCAz8w
ggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcx
KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0
ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxA
dGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpB
MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg
UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
xKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7d
yfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDow
OKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3Js
MAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgw
DQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A
9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYI
Tq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8wggNoMIIC0aADAgECAhAd94+bIYviuSaQ
w/qU/yWPMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29u
c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNz
dWluZyBDQTAeFw0wODEyMTIwMTU0MzFaFw0wOTEyMTIwMTU0MzFaMIGfMR8wHQYDVQQDExZUaGF3
dGUgRnJlZW1haWwgTWVtYmVyMR8wHQYJKoZIhvcNAQkBFhBqYnJhZGxleUBtYWMuY29tMR4wHAYJ
KoZIhvcNAQkBFg9qYnJhZGxleUBtZS5jb20xHTAbBgkqhkiG9w0BCQEWDnZlN2p0YkBtYWMuY29t
MRwwGgYJKoZIhvcNAQkBFg12ZTdqdGJAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxB2GGbZ5p8mVtg16CSDXeF8F3D+5sbs8L4b/YrHt/BvtQdE8GY202cUko/b/rXTUA0JC
XZRDrOiH7ZxcqI4alJNel9AcSLepcdHN4+t2zhvWilm+YF0/r6m/1PikkVT9TWic61IZMpNWIUkk
A+MWzEjChYPefdSMhxikhhMFZ0sv2qPE9pmdaPtD2uF4MwKnIzdZYo+X7rWoaXHIdsZwZDU3HdR5
rVuK5s9xvRED7TZgwE1/yHzHnTbedUWPdNNUlL24Jp3iiVzjZan8zOCn6x4b8O1QPN5b/FOZrerq
FDZ2zhIBsWEcKdIxqIqPdVkrYvEfGBLMe1QIORu0J56L/QIDAQABo10wWzBLBgNVHREERDBCgRBq
YnJhZGxleUBtYWMuY29tgQ9qYnJhZGxleUBtZS5jb22BDnZlN2p0YkBtYWMuY29tgQ12ZTdqdGJA
bWUuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEADhjvX5w/BXN7OL5y1ZfydfmJ
RKezNqugUDf8XbKmmMR/o+vjx395pBpO9QF8hQwtKNDuvoxLTNDMWdcCNbvaEpqREXc7liV9FfA5
ndAB1VgDqYDjY9M9LU54LH8uqEx7+pX6qa6KoR8eRHby9zi+iuSkJ4GLI59RBnVI54x4/acxggMQ
MIIDDAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQHfeP
myGL4rkmkMP6lP8ljzAJBgUrDgMCGgUAoIIBbzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0wOTAxMzAxNDUxNTZaMCMGCSqGSIb3DQEJBDEWBBQk7z7d47fyH2mE7r8g
ot1kNdIkqjCBhQYJKwYBBAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl
IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls
IElzc3VpbmcgQ0ECEB33j5shi+K5JpDD+pT/JY8wgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMj
VGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEB33j5shi+K5JpDD+pT/JY8wDQYJ
KoZIhvcNAQEBBQAEggEALKtqLdhF2K4qxRXSsetDBguJQJAmqoia+TvL+0+8dNkmvGPcWBrrBTd7
Bl7dRp3KlBVv01vogHigueYkuHMRkOV7D3moJZAGXkzXjcyHpUTeG/UItzTtT41mwB1ouKA872wI
GsoOOjfCdwhgWMxflLpGgXVxbfO6PPo6/VjzGIpaxIq1Xsk6rUoJX4b7D3x42G/fbb3qhnMQ/njp
8Pa109r6XZqk2eNhGSTdNJIIp5pfiKdV+hSq+ZrO1+VE1NNcbanXsznF69rf/xIwoTsZtQgdouSH
ui69pbCAxOnzF2KZ9zgfwoZp5ShlasvHOQFaBePyzDEHMG0gNfYcuMhx2QAAAAAAAA==

--Apple-Mail-587--530638379--