Subject: Summary on trust/KeyInfo issues
This was the rough consensus I was seeking:

- There's a use case for expressing keys controlled by the XRD Subject at some level of the XRD (perhaps top level, perhaps not). The details of the use case(s) need to be determined before deciding exactly what the syntax would be. It may be ds:KeyInfo alone, might need a wrapper or extension a la SAML needed.

- The bootstrapping of trust in the signer of an initial XRD would be left unspecified other than to note the fact that it needs to be accomplished in whatever manner is acceptable to the RP.

- The mode of delegation with links or the proposed SeeAlso notion that includes a ds:KeyInfo represents a framework for matching the key information on the linker and the signer[1] of the linkee. The spec would include one formalization of this framework in which only X509Certificate and KeyValue are MTI elements, and the matching process is by key comparison alone. The ds:KeyInfo on the linker side would be multiply occurring.

[1] Needs to be explicit...is it the signer of the linked XRD whose key is being expressed in the link or the *subject* of the linked XRD?

-- Scott