[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xdi] Agenda for XDI TC Call Monday 4/19 5PM Pacific
Jean-Luc, Indeed, as Fen and Marc indicated, there was some problem with the OASIS email servers yesterday, so your mail only came through today. Also, just to be clear: all OASIS email lists and web pages are public, and are publicly indexable (by Google and all other search engines). The OASIS chairs list has recently had a long discussion about the fact that this exposes all our email addresses to spam harvestors, and OASIS is looking into alternatives. Ironically, this is one very clear use of XRIs and XDI - to switch from public to private addresses where access is based on permissions. But we have to finish the XDI specs before we can propose this to OASIS. In any case, as Fen replied, I strongly agree with the mutual authentication issue and do expect that XDI/SOAP will be able to use SAML, SPKI, or similar mechanisms for this (XDI/HTTP would need to develop it natively). As for your second point, please by all means do write up your use case, ideally before our f2f meeting beginning next Wed. the 28th, as that way we will be able to review it there. We will be having the dial-in portion of the f2f on Thursday morning as per the agenda published to the list, so if you can attend that we will go over it there. Best, =Drummond -----Original Message----- From: Jean-Luc Schellens [mailto:jlschellens@hotmail.com] Sent: Tuesday, April 20, 2004 7:38 AM To: drummond.reed@cordance.net Cc: xdi@lists.oasis-open.org Subject: RE: [xdi] Agenda for XDI TC Call Monday 4/19 5PM Pacific Hello Drummond, This is my last try! I'm indeed in trouble because I sent this message to the "xdi list" twice yesterday and once today and apparently you did'nt receive it ?!? It was just to inform that I could'nt attend the call at 5pm PT. And to express two concerns I have. The first is regarding the "mutual authentication" required before any exchange of data. Do we have to develop specific use case(s) about this point or do we have to support existing mechanisms like SAML or SPKI (Thanks again Fen!). The second is about the use cases I would like to write to develop my ideas around "identity issuer/authority", e.g. the creation of business card through the exchange of my personal data (my first name, name... and for instance the person to be conctacted in case of emergency), the data from my employer (phone, e-mail, addresses, title, function, role, department...) and the related contract about the change, update, synchronisation, forward, termination (in case of "end of contract" or "de-provisioning" to use an ID Mgt terminology)... Thanks already for your comments about the 2 points. Please forward it to the XDI list if necessary. Hoping that this e-mail will reach you, regards Jean-Luc PS I have another concern about the fact that our e-mails are apparently retrievable through Google! Check e.g. with "Keymino" I though only the XDI members are able to read our e-mails and documents... _________________________________________________________________ Offres dernières minutes http://www.fr.msn.be/voyage
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]