[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11
I remembered one thing that was discussed beside the topics below. It is in the bucket of 2) OTHER XRD 1.0 ISSUES and TargetSubject. I have elaborated what I meant at the meeting in a blog article "Identity Loss with OpenID 2.0" http://www.sakimura.org/en/modules/wordpress/index.php?p=82 I think this is closely related to TargetSubject/TargetAuthority but I have not sorted it in my head enough yet... =nat -------------------------------------------------- From: "Drummond Reed" <drummond.reed@cordance.net> Sent: Friday, June 12, 2009 9:58 AM To: "'XRI TC'" <xri@lists.oasis-open.org> Subject: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11 > Following are the minutes of the unofficial telecon of the XRI TC at: > > Date: Thursday, 11 June 2009 USA > Time: 2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC) > > (Note: Drummond could not attend so these minutes were taken by John.) > > ATTENDING > > Scott Cantor > Nat Sakimura > Will Norris > John Bradley > > REGRETS > > Drummond Reed > Eran Hammer-Lahav > > > 1) DO WE STILL NEED A SIMPLE SIGNING METHOD? > > Among the attendees on this call, the consensus was, "probably not". > > Nat is still concerned about adoption, and is looking for more feedback > from > the OpenID mailing list. > > John cynically thinks signing will not be popular with some people no > matter > what the canonicalization method is. > > Scott is going to create a description of the constrained form. > > Scott added the following comment in email: > > ***** BEGIN QUOTE ***** > > Just for the permanent record, on the sparsely attended call today I > raised > one of my other concerns about the proliferation of proprietary signing > mechanisms in specs, which is algorithm agility. > > I had been planning to mention to Will that copying the SAML spec's > outdated > recommendation to use RSAwithSHA1 as the signing algorithm was probably > not > the ideal choice, since SHA256 is gradually replacing SHA1 as the current > "best option" until the new hash standard is done. > > The more one duplicates signing functionality across multiple spots in the > software stack, the harder it is to maintain control over the algorithms > being used and maintain some degree of agility as these old algorithms > fall > into disrepair. > > ***** END QUOTE ***** > > John thinks that once implementers try c14n once they will like it "like > green eggs and ham", as Dr. Suess said. He said that making sure the 5 or > 6 > main OpenID libraries support it will cover 90% of the initial users. > > > 2) OTHER XRD 1.0 ISSUES > > Will raised the question of TargetSubject and how that would work when > delegating entire domains. It may be that using TargetAuthority will be > sufficient. Will is exploring use cases. > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]