xdi message


Subject: Re: [xdi] questions about link contracts


Markus, I didn't reply separately to this message, rather to your later message on this and several other topics, but just to confirm, I agree with you that this pattern makes perfect sense, and should be fine when a user is talking to their own XDI context at their own XDI endpoint.

I agree with Giovanni that if the user is using an active client, it would be better if the active client sent multiple factors (e.g., an active client ID plus a signature on the message, made using a public key the active client registered with the server). But short of an active client, the below should work.

=Drummond

On Wed, May 19, 2010 at 8:15 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:
Hello XDI TC,

The following question came up on the Higgins developer list:

The idea of link contracts is that they can grant permissions to a list of individuals and organizations identified by XRIs.
Senders of XDI messages are authenticated by an XDI endpoint through a signature on the XDI message.
Correct so far?

The question that has come up is, what if a user is talking to their own XDI endpoint (i.e. the one their i-name's XRD points to).
In that case, could a user also provide their i-name password instead of a signature?
And would the XDI endpoint then grant the user unrestricted access to their own subject (actually, maybe even to the entire XDI graph), without there being a link contract in place?

Example:

User =web*markus wants to talk to his own XDI endpoint at:
https://xdi.freexri.com/=!91F2.8153.F600.AE24!84f5.bc25.b7de.afd5

Could =web*markus send the following message that would "circumvent" link contracts because the password is correct?

=web*markus
$is$a
=
$password
"secret"
$get <-- or $add, $mod, $del -->
/
=web*markus
+city
+country

I think these are important questions that are relevant to projects such as PDX.

thanks
Markus



