Summary on trust/KeyInfo issues

["Scott Cantor" <cantor.2@osu.edu>]

This was the rough consensus I was seeking:

- There's a use case for expressing keys controlled by the XRD Subject at
some level of the XRD (perhaps top level, perhaps not). The details of the
use case(s) need to be determined before deciding exactly what the syntax
would be. It may be ds:KeyInfo alone, might need a wrapper or extension a la
SAML needed.

- The bootstrapping of trust in the signer of an initial XRD would be left
unspecified other than to note the fact that it needs to be accomplished in
whatever manner is acceptable to the RP.

- The mode of delegation with links or the proposed SeeAlso notion that
includes a ds:KeyInfo represents a framework for matching the key
information on the linker and the signer[1] of the linkee. The spec would
include one formalization of this framework in which only X509Certificate
and KeyValue are MTI elements, and the matching process is by key comparison
alone. The ds:KeyInfo on the linker side would be multiply occurring.

[1] Needs to be explicit...is it the signer of the linked XRD whose key is
being expressed in the link or the *subject* of the linked XRD?

-- Scott