OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xdi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: questions about link contracts

Hello XDI TC,

The following question came up on the Higgins developer list:

The idea of link contracts is that they can grant permissions to a list of individuals and organizations identified by XRIs.
Senders of XDI messages are authenticated by an XDI endpoint through a signature on the XDI message.
Correct so far?

The question that has come up is, what if a user is talking to their own XDI endpoint (i.e. the one their i-name's XRD points to).
In that case, could a user also provide their i-name password instead of a signature?
And would the XDI endpoint then grant the user unrestricted access to their own subject (actually, maybe even to the entire XDI graph), without there being a link contract in place?


User =web*markus wants to talk to his own XDI endpoint at:

Could =web*markus send the following message that would "circumvent" link contracts because the password is correct?

$get <-- or $add, $mod, $del -->

I think these are important questions that are relevant to projects such as PDX.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]