[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XDI Access control (was Re: [xdi] Minutes: XDI TC Telecon Thursday 1-2PM PT 2010-06-03)
5) LINK CONTRACTS
Markus poised the following special questions related to link contracts (but not the link contract format itself):
- If link contracts are enabled at an XDI endpoint and no link contracts exists, what is the "default" behavior? Allow nothing? Allow only $get?
- Can an XDI endpoint have a special notion of the XDI endpoint "belonging" to a user?
- Is yes, does that user automatically have "full rights" to the XDI endpoint outside of normal link contract evaluation?
- As an alternative to signing XDI messages with a key, can an XDI message contain a user's password for authentication?
We did not have time to consider these on the call, so we will tackle them in email.
In addition, Bill poised the question: Rather than say will XDI use auth mechanism A or B, what are people's thoughts on considering a broader mechanism support so that implementors can decide? I'm specifically thinking of support for using SASL mechanisms (see links below):
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]