[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Re: Proposal for an X.509-based XRI Trust Profile
s/XRI spec/XRD trust profile spec/ On Thu, Jan 21, 2010 at 15:19, Breno de Medeiros <breno@google.com> wrote: > Okay, summarizing the two points I raised in the discussion today > about the XRI spec. > > 1. Give guidance on how extensions can adapt the profile to use other > trust anchor elements in the document (such as <hm:Host>) instead of > <subject> and <alias> > > or: > > 1b. Do nothing and remove reference to host-meta. Then let LRDD trust > profile define how to validate a Host-meta using an 'XRD-trust-lite' > validation + matching on <hm:Host> > > or: > > 1c. Make the 'authority name' or 'claimed subject' input optional and > define two types of validation: validation without a claimed subject > 'XRD-trust-lite', putting stern language that applications using this > profile should only use an empty 'claimed subject' if they have other > means to bind the XRD to the resource they intended to find meta-data > about (e.g., via alternative elements of the XRD defined through > extensions). > > > And > > 2. Allow root certificates to equal the signer certificate, in which > case the certificate matching step is not performed. I think this does > not add too much complexity to the spec. > > > On Thu, Jan 21, 2010 at 11:22, Breno de Medeiros <breno@google.com> wrote: >> Thanks, Will! >> >> On Thu, Jan 21, 2010 at 11:17, Will Norris <will@willnorris.com> wrote: >>> Here's a straight formatting of the draft using docbook + the OASIS xslt stylesheet. If there are any deviations from the plaintext draft Breno sent to the list, they are not intentional. I'm fairly sure there are a few "must"s that are intended to be normative, but for now I left everything alone. >>> >>> I haven't checked this into subversion just yet because I'm not sure how we want to structure this. We can talk about it on the call today. >>> >>> -will >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe from this mail list, you must leave the OASIS TC that >>> generates this mail. Follow this link to all your TCs in OASIS at: >>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >>> >> >> >> >> -- >> --Breno >> >> +1 (650) 214-1007 desk >> +1 (408) 212-0135 (Grand Central) >> MTV-41-3 : 383-A >> PST (GMT-8) / PDT(GMT-7) >> > > > > -- > --Breno > > +1 (650) 214-1007 desk > +1 (408) 212-0135 (Grand Central) > MTV-41-3 : 383-A > PST (GMT-8) / PDT(GMT-7) > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]