[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] Summary on trust/KeyInfo issues
John Bradley wrote on 2009-07-23:

> Shouldn't this be the public key of the signatory of the linked XRD and not
> the public key of the Subject of the linked XRD? They are not the same in
> all cases.

I think I asked that and the answer was yes, so we need to be careful about that language.

> 1. Do we really need KeyDescriptor?
>
> Don't we need that to support multiple keys for rotation, signing vs
> encryption? Perhaps different types of keys, RSA, DSA, for different apps.
> Having a single public key for the subject will cause griping in short
> order I think.

None of that requires a wrapper element per se, just multiple KeyInfo elements. The wrapper is required if we need to add qualifiers or key metadata that don't fit into the mandate of a KeyInfo extension.

I suppose in the interest of being concrete, I would say that if I had it to do over again, I would have defined SAML's KeyDescriptor to rely on an extensible set of URIs for the "use" attribute instead of a fixed enum, and added wildcards to the schema so that it was extensible.

-- Scott
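The key-selection behaviour under discussion (several keys published for one entity, each wrapped with a qualifier that says what it is for, so that rotation and signing/encryption separation work), shown as an added example that is not part of this thread or of any XRD or SAML implementation. It uses the SAML 2.0 metadata KeyDescriptor layout Scott mentions rather than XRD, because that schema is fixed and its "use" attribute is the fixed enum he refers to. The metadata document is constructed for the example and identifies keys by ds:KeyName only, so no certificates or signature verification appear; the point demonstrated is the resolution step a verifier performs against trusted metadata.

```python
"""Resolve trusted keys from SAML 2.0 metadata KeyDescriptor elements.

Added example, not code from the xri list or from any SAML/XRD project.
The metadata below is constructed; keys are identified by ds:KeyName only.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# SAML 2.0 metadata fixes the 'use' attribute to this enumeration;
# an absent 'use' means the key is valid for both purposes.
SAML_KEY_USES = {"signing", "encryption"}

# Constructed sample: two signing keys (old + new, i.e. mid-rotation),
# one encryption-only key, and one key with no 'use' (valid for both).
METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:KeyName>idp-sign-2008</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:KeyName>idp-sign-2009</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:KeyName>idp-enc-2009</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:KeyName>idp-any-2009</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def key_descriptors(metadata_xml):
    """Yield (use, [key names]) per KeyDescriptor; use is None when absent."""
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use")
        if use is not None and use not in SAML_KEY_USES:
            # The fixed enum in the SAML schema: any other value is invalid metadata.
            raise ValueError(f"invalid KeyDescriptor use={use!r}")
        names = [kn.text for kn in kd.iterfind("ds:KeyInfo/ds:KeyName", NS)]
        yield use, names


def trusted_keys(metadata_xml, purpose):
    """Key names the entity has published for purpose ('signing' or 'encryption')."""
    if purpose not in SAML_KEY_USES:
        raise ValueError(f"unknown purpose {purpose!r}")
    names = []
    for use, keys in key_descriptors(metadata_xml):
        if use is None or use == purpose:
            names.extend(keys)
    return names


def resolve_signing_key(metadata_xml, key_name):
    """Return key_name if the signer's metadata lists it for signing, else None.

    The KeyInfo carried inside a signature is only a hint to the verifier; the
    key must be one the trusted metadata publishes for signing. Encryption-only
    keys and unknown names are rejected, while every current signing key is
    accepted, which is what lets the signer rotate keys without a flag day.
    """
    return key_name if key_name in trusted_keys(metadata_xml, "signing") else None


if __name__ == "__main__":
    print("signing keys:", trusted_keys(METADATA, "signing"))
    print("encryption keys:", trusted_keys(METADATA, "encryption"))
    for name in ("idp-sign-2008", "idp-sign-2009", "idp-enc-2009", "idp-nope"):
        print(name, "->", resolve_signing_key(METADATA, name))
```

Swapping the `SAML_KEY_USES` set for a check against a registry of URIs is the extensibility change Scott describes; with the fixed enum, a new key purpose cannot be expressed without invalidating the metadata.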