RE: [xdi] Agenda for XDI TC Call Monday 4/19 5PM Pacific

["Drummond Reed" <drummond.reed@cordance.net>]

Jean-Luc,

Indeed, as Fen and Marc indicated, there was some problem with the OASIS
email servers yesterday, so your mail only came through today.

Also, just to be clear: all OASIS email lists and web pages are public, and
are publicly indexable (by Google and all other search engines). The OASIS
chairs list has recently had a long discussion about the fact that this
exposes all our email addresses to spam harvestors, and OASIS is looking
into alternatives. Ironically, this is one very clear use of XRIs and XDI -
to switch from public to private addresses where access is based on
permissions. But we have to finish the XDI specs before we can propose this
to OASIS.

In any case, as Fen replied, I strongly agree with the mutual authentication
issue and do expect that XDI/SOAP will be able to use SAML, SPKI, or similar
mechanisms for this (XDI/HTTP would need to develop it natively).

As for your second point, please by all means do write up your use case,
ideally before our f2f meeting beginning next Wed. the 28th, as that way we
will be able to review it there. We will be having the dial-in portion of
the f2f on Thursday morning as per the agenda published to the list, so if
you can attend that we will go over it there.

Best,

=Drummond 

-----Original Message-----
From: Jean-Luc Schellens [mailto:jlschellens@hotmail.com] 
Sent: Tuesday, April 20, 2004 7:38 AM
To: drummond.reed@cordance.net
Cc: xdi@lists.oasis-open.org
Subject: RE: [xdi] Agenda for XDI TC Call Monday 4/19 5PM Pacific

Hello Drummond,

This is my last try!

I'm indeed in trouble because I sent this message to the "xdi list" twice 
yesterday and once today and apparently you did'nt receive it ?!?

It was just to inform that I could'nt attend the call at 5pm PT.
And to express two concerns I have.

The first is regarding the "mutual authentication" required before any 
exchange of data. Do we have to develop specific use case(s) about this 
point or do we have to support existing mechanisms like SAML or SPKI (Thanks

again Fen!).

The second is about the use cases I would like to write to develop my ideas 
around "identity issuer/authority", e.g. the creation of business card 
through the exchange of my personal data (my first name, name... and for 
instance the person to be conctacted in case of emergency), the data from my

employer (phone, e-mail, addresses, title, function, role, department...) 
and the related contract about the change, update, synchronisation, forward,

termination (in case of "end of contract" or "de-provisioning" to use an ID 
Mgt terminology)...

Thanks already for your comments about the 2 points.
Please forward it to the XDI list if necessary.

Hoping that this e-mail will reach you, regards
Jean-Luc

PS I have another concern about the fact that our e-mails are apparently 
retrievable through Google!
Check e.g. with "Keymino"
I though only the XDI members are able to read our e-mails and documents...

_________________________________________________________________
Offres dernières minutes http://www.fr.msn.be/voyage