[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Second thoughts
On Tue, Feb 2, 2010 at 15:24, Nika Jones <njones@ouno.com> wrote: > If I understand correctly, we're setting up a profile for XRD which uses > XML DSig... this doesn't preclude other security profiles does it? Well, yes, but it would have to be made through extensions. That is not a problem in theory, but is a practical problem because there's much concurrent work on specs that would want to point to a specific Trust Profile (LRDD, for instance). > > Also, could you point to more specifics of where the, > "canonicalization-free signatures..." are mentioned in the specs. Do you > mean something like what is mentioned in the OAuth WRAP spec at the > beginning of section 1.1 (taken from the WRAP spec): > > --- > The Access Token is opaque to the Client, and can be any format agreed > to between the Authorization Server and the Protected Resource > enabling existing systems to reuse suitable tokens, or use a standard > token format such as a Simple Web Token or JSON Web Token. > ---- > I think the Simple Web Token format is the one that defines a canonicalization-free signature scheme. --Breno
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]