[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Delay in discovery spec
That is why I keep saying the XRD is about the XRD subject (formerly known as CannonicalID) The most you can say about the URI that got you there is that they have directed you to that XRD. Did they do it intentionally or by mistake is the question. If the XRD claims to have a subject of http://example.com/jbradley#1234 and you confirm that by verifying example.cm's signature over the XRD or perform discovery on http://example.com/jbradley and retrieve the same XRD then you can reasonably believe that the subject of the XRD is what it claims to be. I see the case of a blog say http://thread-safe.net having a link or a redirect and link to the XRD with the subject http://example.com/jbradley as beein relitivly common. It is my blog so I may want to have it point to meta data about me. The subject/resource in this case me has a identifier http://example.com/jbradley#1234 my blog uri may be listed in the XRD as an alias I use or perhaps as a relationship of type blog or some such thing. If the application doing the discovery wants to draw an inference that some URI that points to the XRD has a implied relationship with the XRD that is up to the App. That may be the case for openID where the person is proving that they know some secret that is verified by a OP pointed to by the XRD. But that is up to the application to verify not the discovery protocol itself. =jbradley On 2-Feb-09, at 9:13 PM, Eran Hammer-Lahav wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]