OASIS Mailing List Archives
xdi message



Subject: Minutes: XDI TC Telecon Thursday 1-2PM PT 2008-07-03


Following are the minutes of the unofficial telecon of the XDI TC at:

Date:  Thursday, 3 July 2008 USA
Time:  1:00PM - 2:00PM Pacific Time

ATTENDING

Kermit Snelson 
Markus Sabadello
Drummond Reed
Dee Schur
John Bradley


AGENDA

1) SUMMARY OF XRI TC/W3C TAG TELECON

The TC members that attended the call said that it was a good conversation,
but it revealed how relatively little the TAG currently understands about
XRI architecture. In particular the use of cross-references and how vital
they are to XDI would appear to be a point that could use much more
illustration and examples.


2) XDI TC JOINING IDTRUST MEMBER SECTION

Dee Schur said the vote was unanimous on the part of the IDtrust Member
Section to accept the XDI TC, and she welcomed us as a member.

Dee explained that one benefit is that it raises the XDI TC's visibility
across the different activities in which the Member Section is involved, such
as the upcoming Open Standards Forum 2008 in London. Dee said this will be of
steadily greater benefit as this area of OASIS grows.

Dee encouraged all individuals or organizations participating in the TC to
join the member section. Dee will send directions to the TC list about how
to do this.

# DEE to send instructions to the XDI list. (DONE)

Dee also explained that the TC has the ability to request funding from the
Member Section for specific projects or activities that the TC believes can
help advance our goals. She also encouraged us to contribute content to the
Focus Area on XML.org in order to make more people aware of our activities.
This focus area is intended to be a "watering hole" for everything related
to identity and trust infrastructures.


3) XDI SIGNATURES

For our technical topic, Markus Sabadello demonstrated his new XDI4J utility
for experimenting with XDI signatures:

	http://graceland.parityinc.net/xdi-signer/XDISigner

Markus explained that with this utility:

* You can sign the entire graph or one subject.
* You can enter your own private key.
* You can also validate a signature that has been applied.

He explained the current canonicalization algorithm he has implemented:

1) First the portion of the graph being signed is ordered alphabetically
(the ordering of subgraphs is recursive).
2) Next it is serialized in X3 Standard
(http://wiki.oasis-open.org/xdi/X3Format).
3) Then it is signed with the private key associated with the signer.

Questions about the signer:
* Markus explained that when the signature is on a subject, the signer is the
subject.
* When the signature is on the entire XDI document, the signer is the
authority for the XDI document as asserted by the $ context subject. We
agreed this must be made explicit.
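To make the canonicalization and signing steps above concrete, here is an added example (not Markus's XDI4J code and not the X3 format): the graph is a constructed nested-dict stand-in for an XDI RDF graph, JSON with sorted keys stands in for X3 Standard serialization, and HMAC-SHA256 stands in for the private-key signature so it runs with the standard library only. It shows why the recursive alphabetical ordering matters (two differently ordered but equivalent graphs sign identically) and that a signature over one subject does not cover the whole document.

```python
import hashlib
import hmac
import json

# Constructed sample: subject -> predicate -> objects; nested dicts are subgraphs.
# This nesting and the JSON serialization are simplified stand-ins, not real X3.
GRAPH_A = {
    "=drummond": {"+email": ["d@example.com"], "+name": ["Drummond"],
                  "$": {"+signer": ["=drummond"]}},
    "=markus": {"+name": ["Markus"], "+email": ["m@example.com", "m2@example.com"]},
}
# Same statements in a different order: must canonicalize to identical bytes.
GRAPH_B = {
    "=markus": {"+email": ["m2@example.com", "m@example.com"], "+name": ["Markus"]},
    "=drummond": {"$": {"+signer": ["=drummond"]}, "+name": ["Drummond"],
                  "+email": ["d@example.com"]},
}


def serialize(node):
    # Step 2 stand-in: deterministic serialization (X3 Standard in the real tool)
    return json.dumps(node, sort_keys=True, separators=(",", ":"))


def canonicalize(node):
    # Step 1: alphabetical ordering, applied recursively to every subgraph
    if isinstance(node, dict):
        return {k: canonicalize(node[k]) for k in sorted(node)}
    if isinstance(node, list):
        return sorted((canonicalize(x) for x in node), key=serialize)
    return node


def canonical_bytes(graph, subject=None):
    # Sign either the whole graph or a single subject's subgraph
    portion = graph if subject is None else {subject: graph[subject]}
    return serialize(canonicalize(portion)).encode("utf-8")


def sign(graph, key, subject=None):
    # Step 3 stand-in: HMAC-SHA256 over the canonical bytes instead of an
    # asymmetric private-key signature (assumption made to stay stdlib-only)
    return hmac.new(key, canonical_bytes(graph, subject), hashlib.sha256).hexdigest()


def verify(graph, key, signature, subject=None):
    # Recompute over the verifier's own canonical form and compare in constant time
    return hmac.compare_digest(sign(graph, key, subject), signature)
```

Which subject the signature covers, and who the signer is, is information the verifier must be given explicitly; the canonical bytes alone do not say.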

There was also consensus that we need to add an XDI Signatures specification
to our 1.0 suite because with signatures, the "devil's in the details".

# DRUMMOND to add this to the XdiOneSpecs wiki page. (DONE)

John explained that there is much current discussion in the industry about
"bearer tokens" and "holder-of-key tokens". He said that holder-of-key
tokens may be required to reach NIST Level 4. That's a limitation of
information cards in their present state, since they use bearer tokens.
However, there may be nice synergy in the use of a bearer token to set up a
channel for the exchange of a holder-of-key token. This could be a unique
advantage of XDI in that it can be used to both request and respond with
holder-of-key tokens.

John explained that the SOAP binding to ooTao's XDI ATI server lends itself
to producing a SAML token that can be signed as a holder-of-key token.
However, with XDI RDF and XDI signatures you could also do this directly
using X3-over-HTTP.
