[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] XRD Signing and Trust
I personally agree with Markus that having
the corresponding Alias in the target XRD would be a good practice. However I
don’t think it should be required (I could be convinced otherwise, but I’ll
leave that to the trust experts). =Drummond From: markus.sabadello@gmail.com
[mailto:markus.sabadello@gmail.com] On Behalf
Of Markus Sabadello If I understand your
example XRD On Fri, May 22, 2009 at 10:10 PM, Will Norris <will@willnorris.com> wrote:
How would this form-encoded delivery work? If a client tries to fetch
an yep, that would be the idea... the consuming application would use the
content-type as an indicator of how to parse the response.
Finally, what's the TargetSubject for? In this example: yeah, that was actually a bad example, because it's delegating the
user's XRD, not a specific service. Imagine I hosted my own XRD, but
still wanted to delegate to Google as my OpenID Provider...
In this example, https://www.google.com/a/balfanz.net/openid would provide
an XRD which describes the specific OpenID endpoints and supported extensions
at Google. This is not an XRD for any particular user, but rather
describes OpenID services for that hosted domain, so the subject would be
"http://my-hosted-domain.com".
Perhaps it would be in a broader site-meta XRD that includes more than
just OpenID services, I don't know. As long as it had a Type value of
"http://example.com/openid/provider",
it wouldn't really matter.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]