Subject: RE: [xri] subject sets (also sort of: Agenda for August 6, 2009 call)
John Bradley wrote on 2009-08-09:
> XRD needs to specify how XRD's are signed from an XML perspective.
>
> However the XRD spec should not be mandating the relationships between
> the signatures and the subject.

Right. I also understood that there were some specific linking elements designed to express constraints on the result of the link, and that's fine, as long as they're also suitably abstracted from specific approaches.

This was all discussed in the thread(s) on the trust models to support, wherein I suggested that the core spec leave it at "requiring correspondence" between particular elements and that a specific method or two for matching (e.g. comparing public keys) be defined as a useful (and maybe MTI) profile.

> I think Scott and I are just saying that the core XRD spec should not
> preclude other trust models.
>
> I think Scott was suggesting keeping the core spec generic and
> producing profiles for the different use cases. Somewhat like SAML.

Yes. Needless to say, I think that's the proper way to layer a spec like this.

> The fine points of requiring RSA vs ECDSA, SHA1 vs SHA256, Keyinfo vs
> KeyData, as well as what needs to be verified and how need to be in
> a doc with a conformance requirement.

Right. Usually conformance deals with profiles, and then includes rules about MTI algorithms and such, but the division of labor there is relatively arbitrary.

I think that's all just another way of saying that we should define a very minimal set of things around trust for now, and then leave the rest to profiles.

I'm also willing to help write some of this text, but was waiting on this subject matching stuff to stabilize before I tried to help Will with the rest.

-- Scott