Subject: Minutes: XDI TC Telecon Thursday 1-2PM PT 2008-07-03
Following are the minutes of the unofficial telecon of the XDI TC at:

Date: Thursday, 3 July 2008 USA
Time: 1:00PM - 2:00PM Pacific Time

ATTENDING

Kermit Snelson
Markus Sabadello
Drummond Reed
Dee Schur
John Bradley

AGENDA

1) SUMMARY OF XRI TC/W3C TAG TELECON

The TC members that attended the call said that it was a good conversation, but it revealed how relatively little the TAG currently understands about XRI architecture. In particular, the use of cross-references and how vital they are to XDI would appear to be a point that could use much more illustration and examples.

2) XDI TC JOINING IDTRUST MEMBER SECTION

Dee Schur said the vote was unanimous on the part of the IDtrust Member Section to accept the XDI TC, and she welcomed us as a member. Dee explained that one benefit is that it raises the XDI TC's visibility across different activities in which the Member Section participates, such as the upcoming Open Standards Forum 2008 in London. Dee said this will be of steadily greater benefit as this area of OASIS grows.

Dee encouraged all individuals or organizations participating in the TC to join the member section. Dee will send directions to the TC list about how to do this.

# DEE to send instructions to the XDI list. (DONE)

Dee also explained that the TC has the ability to request funding from the Member Section for specific projects or activities that the TC believes can help advance our goals. Also, she encouraged us to contribute content to the Focus Area on XML.org in order to make more people aware of our activities. This focus area is intended to be a "watering hole" for everything related to identity and trust infrastructures.

3) XDI SIGNATURES

For our technical topic, Markus Sabadello demonstrated his new XDI4J utility for experimenting with XDI signatures:

http://graceland.parityinc.net/xdi-signer/XDISigner

Markus explained that with this utility:

* You can sign the entire graph or one subject.
* You can enter your own private key.
* You can also validate a signature that has been applied.

He explained the current canonicalization algorithm he has implemented:

   1) First the portion of the graph being signed is ordered alphabetically (ordering of subgraphs is recursive).
   2) Next it is serialized in X3 Standard (http://wiki.oasis-open.org/xdi/X3Format).
   3) Then it is signed by the private key associated with the signer.

Questions about the signer:

* Markus explained that when the signature is on a subject, the signer is the subject.
* When the signature is on the entire XDI document, the signer is the authority for the XDI document as asserted by the $ context subject. We agreed this must be more explicit.

There was also consensus that we need to add an XDI Signatures specification to our 1.0 suite because with signatures, the "devil's in the details".

# DRUMMOND to add this to the XdiOneSpecs wiki page. (DONE)

John explained that there is currently much discussion in the industry about "bearer tokens" and "holder-of-key tokens". He said that holder-of-key tokens may be required to reach NIST Level 4. That's a limitation of information cards in their present state since they use bearer tokens. However, there may be nice synergy in the use of a bearer token to set up a channel for the exchange of a holder-of-key token. This could be a unique advantage of XDI in that it can be used to both request and respond with holder-of-key tokens.

John explained that the SOAP binding to ooTao's XDI ATI server lends itself to producing a SAML token that can be signed as a holder-of-key token. However, with XDI RDF and XDI signatures you could also do this directly using X3-over-HTTP.
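
The three canonicalization steps listed under item 3 (order recursively, serialize, sign), as an added example that is not part of the minutes and is not XDI4J code. Assumptions: the bracket serialization is a stand-in for X3 Standard, RSA with SHA-256 is an arbitrary choice of signature algorithm, and the class name, helper names and sample graphs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class CanonicalSignDemo {
    // Steps 1 and 2: order every level by key (recursively), then serialize.
    // The bracket syntax is a stand-in for illustration, NOT the X3 Standard format.
    @SuppressWarnings("unchecked")
    static String canonicalize(Object node) {
        if (!(node instanceof Map)) { // literal: quote and escape so a value cannot mimic structure
            return "\"" + node.toString().replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
        }
        Map<String, Object> sorted = new TreeMap<>((Map<String, Object>) node); // code-unit order, no locale
        StringBuilder sb = new StringBuilder("[");
        for (Map.Entry<String, Object> e : sorted.entrySet()) {
            sb.append('[').append(canonicalize(e.getKey())).append(canonicalize(e.getValue())).append(']');
        }
        return sb.append(']').toString();
    }
    // Step 3: sign the canonical bytes with the signer's private key.
    static byte[] sign(Object graph, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(canonicalize(graph).getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }
    // Validation re-canonicalizes the received graph before checking the signature.
    static boolean verify(Object graph, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(canonicalize(graph).getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }
    static Map<String, Object> graph(Object... kv) { // hypothetical helper; keeps insertion order
        Map<String, Object> m = new LinkedHashMap<>();
        for (int i = 0; i < kv.length; i += 2) m.put((String) kv[i], kv[i + 1]);
        return m;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        // Constructed sample graphs: g1 and g2 hold the same statements in different order; g3 differs.
        Object g1 = graph("=a", graph("+name", "N", "+email", "user@example.com"), "=b", "x");
        Object g2 = graph("=b", "x", "=a", graph("+email", "user@example.com", "+name", "N"));
        Object g3 = graph("=b", "x", "=a", graph("+email", "changed@example.com", "+name", "N"));
        byte[] sig = sign(g1, kp.getPrivate());
        System.out.println("reordered graph verifies: " + verify(g2, sig, kp.getPublic()));
        System.out.println("modified graph verifies:  " + verify(g3, sig, kp.getPublic()));
    }
}
```

The signer and the validator must agree byte for byte on ordering and serialization, which is why the ordering here is fixed by code unit rather than by locale-dependent collation.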