Subject: Minutes: XDI TC Telecon Thursday 2011-11-03
- From: Drummond Reed <drummond.reed@xdi.org>
- To: OASIS - XDI TC <xdi@lists.oasis-open.org>
- Date: Thu, 3 Nov 2011 22:37:55 -0700
Following are the minutes of the unofficial telecon of the XDI TC at:
Date: Thursday, 03 November 2011 USA
Time: 1:00PM - 2:00PM Pacific Time (20:00-21:30 UTC)
ATTENDING
Mike Schwartz
Joseph Boyle
Drummond Reed
Markus Sabadello
Giovanni Bartolomeo
THE IDEARPAD LINK FOR TODAY IS:
1) UK MIDATA INITIATIVE
Drummond just sent two emails to the list this morning about the announcement by the UK government this morning, available at:
This certainly indicates growing market demand for XDI as a solution, particularly link contracts so UK citizens can have portable control over their data.
2) OPENXDI UPDATE
Mike said that the OX project is working on OXPlus -- the "Hello World" application for OpenXDI.
3) IDTRUST BUDGET
Kaliya sent a message to the list reminding us that the IDTrust Member Section is asking member TCs for budget requests, so we need to consider if there's anything we'd like to request budget for.
Mike suggested requesting funding for implementing an enhancement to OXGraph to improve the usability of the XDI messaging component.
Mike's second suggestion was to pay for hosting of a Rackspace server to host an XDI server that would be available to OASIS users and Identity Commons users for XDI testing.
Joseph suggested that we look at asking for marketing & PR funds for once the first set of XDI 1.0 specs are ready. Since these budget requests are for 2012, this should be feasible.
# MIKE AND DRUMMOND AND JOSEPH to contact Kaliya and Dee RE these requests.
# ALL - Send in any other suggestions to the email list.
4) MESSAGE AUTHORIZATION
Mike sent a message proposing a flow and $words for message authorization using OAuth.
We discussed the statements needed in an XDI request message. Drummond proposed that one XDI statement is needed in an XDI message that uses OAuth authentication. In the template format we used on http://wiki.oasis-open.org/xdi/XdiMessagePatterns, this statement would be:
{from}$msg{$id}/{token-type}$token!/(data:,{token})
Example:
=!1111$msg!1234/$public$oauth$v!2.5$jwt$v!2$token!/(data:,)
=!1111$msg!1234/$public$opendconnect$v!1$token!/(data:,)
=!1111$msg!1234/$public@yubikey$v!3$token!/(data:,)
In each case, the {token-type} variable would be specified by an XDI authentication spec (or spec profile) that specified how to verify the supplied token. This includes how to discover any additional metadata needed from the sender. (For example, performing PKI authentication can require the receiver to do trusted discovery of the sender's public key certificate).
Mike preferred having a pointer to the associated token metadata as a separate statement in the message.
Examples of both follow.
Drummond's Proposal REQUEST
=!1111$msg!1234/$is()/(=!2222)
=!1111$msg!1234/$d!/(data:,2011-11-11T12:12:00Z)
=!1111$msg!1234/$do/=!2222*myLinkContract$do
=!1111$msg!1234$do/$get/=!2222$uri!
=!1111$msg!1234/$public$authn$openidconnect$v!1$token!/(data:,<some token>)
Mike's Proposal REQUEST
=!1111$msg!1234/$is()/(=!2222)
=!1111$msg!1234/$d!/(data:,2011-11-11T12:12:00Z)
=!1111$msg!1234/$do/=!2222*myLinkContract$do
=!1111$msg!1234$do/$get/=!2222$uri!
=!1111$msg!1234$do/$authn/$public$authn$openidconnect
=!1111$msg!1234/$token!/(data:,<some token>)
Joseph agrees that we should remove the extra line.
In his earlier implementation, Markus used $o and $p predicates to specify OAuth or PKI, but he used another XDI statement to provide more data.
# MIKE to discuss further next week with OpenXDI developers to get more feedback.
5) XDI DISCOVERY FOR URI CROSS-REFERENCES
Drummond posted additional text covering how to resolve URI cross-references in the XDI Discovery wiki page:
We ran out of time to discuss this today - we'll move it to next week's agenda.
5) NEXT CALL
Drummond will not be able to attend next week's telecon due to Defrag in Boulder, CO. However we will still plan to hold the call if enough others can attend.
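
Added example, not part of the minutes and not TC or OpenXDI code: a receiver-side sketch that pulls the sender, message id, token type and token out of either REQUEST form from item 4, so the two proposals can be compared on what a verifier has to look up. The function names, the `SAMPLE-TOKEN` value, the "/" split into three parts, and the rule that a message must carry exactly one token and one token type are assumptions made for illustration.

```python
import re

# Constructed samples: the two REQUEST forms from item 4 of the minutes, with a
# placeholder value where the minutes write "<some token>".
COMMON = """=!1111$msg!1234/$is()/(=!2222)
=!1111$msg!1234/$d!/(data:,2011-11-11T12:12:00Z)
=!1111$msg!1234/$do/=!2222*myLinkContract$do
=!1111$msg!1234$do/$get/=!2222$uri!
"""
DRUMMOND = COMMON + "=!1111$msg!1234/$public$authn$openidconnect$v!1$token!/(data:,SAMPLE-TOKEN)\n"
MIKE = (COMMON + "=!1111$msg!1234$do/$authn/$public$authn$openidconnect\n"
        "=!1111$msg!1234/$token!/(data:,SAMPLE-TOKEN)\n")

MSG_SUBJECT = re.compile(r"^(?P<sender>.+?)\$msg(?P<id>![^$/]+)$")
LITERAL = re.compile(r"^\(data:,(?P<value>.*)\)$")


def statements(message):
    """Yield (subject, predicate, object); assumes '/' separates the three parts."""
    for line in filter(None, (l.strip() for l in message.splitlines())):
        parts = line.split("/", 2)
        if len(parts) != 3:
            raise ValueError("not a three-part statement: %r" % line)
        yield tuple(parts)


def extract_auth(message):
    """Return sender, message id, token type and token, or raise ValueError."""
    found, types = [], []
    for subj, pred, obj in statements(message):
        envelope = MSG_SUBJECT.match(subj)
        if envelope and pred.endswith("$token!"):
            literal = LITERAL.match(obj)
            if not literal or not literal.group("value"):
                raise ValueError("token must be a non-empty data: literal")
            found.append((envelope.group("sender"), envelope.group("id"), literal.group("value")))
            if pred != "$token!":                 # Drummond: type is inline in the predicate
                types.append(pred[:-len("$token!")])
        elif pred == "$authn" and subj.endswith("$do"):
            types.append(obj)                     # Mike: type is a separate statement
    if len(found) != 1 or len(types) != 1:
        raise ValueError("need exactly one token and one token type, got %d and %d"
                         % (len(found), len(types)))
    sender, msg_id, token = found[0]
    return {"sender": sender, "msg_id": msg_id, "token_type": types[0], "token": token}


if __name__ == "__main__":
    for name, msg in (("Drummond", DRUMMOND), ("Mike", MIKE)):
        print(name, extract_auth(msg))
```

Rejecting a message that names zero or several token types keeps the choice of verification profile unambiguous, whichever of the two forms is adopted.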