OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xri] Summary on trust/KeyInfo issues


John Bradley wrote on 2009-07-23:
> Shouldn't this be the public key of the signatory of the linked XRD and
not
> the public key of the Subject of the linked XRD.  They are not the same in
> all cases.

I think I asked that and the answer was yes, so we need to be careful about
that language.

> 	1.	Do we really need KeyDescriptor?
> 
> Don't we need that to support multiple keys for rotation, signing vs
> encryption. Perhaps different types of keys RSA, DSA for different apps.
> Having a single public key for the subject will cause griping in short
> order I think.

None of that requires a wrapper element per se, just multiple KeyInfo
elements. The wrapper is required if we need to add qualifiers or key
metadata that don't fit into the mandate of a KeyInfo extension.

I suppose in the interest of being concrete, I would say that if I had it to
do over again, I would have defined SAML's KeyDescriptor to rely on an
extensible set of URIs for the "use" attribute instead of a fixed enum, and
added wildcards to the schema so that it was extensible.
 
-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]