Subject: Re: [xdi] XDI message for retrieving one's private key?
Drummond and Markus,
I don't think your graph is an appropriate place to store your private key...
But if you did store your private key in your graph, you would certainly want to authenticate before you retrieved it... in which case you would need a token of some kind (JWT OpenID Connect 1.0 token for oxServer).
As far as I can remember, we have not worked out the exact message flow for PKI authentication.
- Mike
---------------------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike@gluu.org
+1 646-810-8761
On Sun, 4 Mar 2012, Markus Sabadello wrote:
Okay. I think there are $msg subsegments missing, no?
1) (=!91F2.8153.F600.AE24)/$add/=!91F2.8153.F600.AE24$msg!($)
2) =!91F2.8153.F600.AE24$msg!($)/$is()/(=!91F2.8153.F600.AE24)
3) =!91F2.8153.F600.AE24$msg!($)$d/!/(data:,2011-04-10T22:22:22Z)
4) =!91F2.8153.F600.AE24$msg!($)/$do/$do
5) =!91F2.8153.F600.AE24$msg!($)$do/$get/=!91F2.8153.F600.AE24$key$rsa$1024$private!1
Markus
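As an added illustration (not code from the thread or the XDI TC), the structural point above, that statements 2 to 5 must be made in the message context created by statement 1, as a small Python check; the two message lists are constructed from the statements in the thread, and the split-on-'/' parsing rule is a simplification of XDI statement syntax.

```python
# Added example for this thread (not XDI TC code): split XDI statements into
# subject/predicate/object triples and check that statements 2..n are made
# about the message context that statement 1 creates. The parsing rule
# (split on '/' outside parentheses) is a simplification.

# The two candidate messages from the thread, constructed as Python lists.
DRUMMOND_MSG = [
    "(=!91F2.8153.F600.AE24)/$add/=!91F2.8153.F600.AE24$msg!($)",
    "=!91F2.8153.F600.AE24!($)/$is()/(=!91F2.8153.F600.AE24)",
    "=!91F2.8153.F600.AE24!($)$d/!/(data:,2011-04-10T22:22:22Z)",
    "=!91F2.8153.F600.AE24!($)/$do/$do",
    "=!91F2.8153.F600.AE24!($)$do/$get/=!91F2.8153.F600.AE24$key$rsa$1024$private!1",
]
# Same message with the $msg subsegment present in statements 2..5.
MARKUS_MSG = [s.replace("AE24!($)", "AE24$msg!($)") for s in DRUMMOND_MSG]

def parse_statement(stmt):
    """Return (subject, predicate, object); a '/' inside (...) does not split."""
    parts, buf, depth = [], [], 0
    for ch in stmt:
        depth += (ch == "(") - (ch == ")")
        if ch == "/" and depth == 0:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    if len(parts) != 3:
        raise ValueError(f"not a subject/predicate/object triple: {stmt!r}")
    return tuple(parts)

def check_message(statements):
    """Return a list of problems; an empty list means the pattern holds."""
    triples = [parse_statement(s) for s in statements]
    _graph, pred, msg = triples[0]        # statement 1: graph/$add/message
    problems = []
    if pred != "$add":
        problems.append(f"statement 1 must be $add, got {pred!r}")
    for n, (subj, _p, _o) in enumerate(triples[1:], start=2):
        if not subj.startswith(msg):      # statement is outside the message
            problems.append(f"statement {n}: subject {subj!r} is outside message {msg!r}")
    return problems

def requested_operations(statements):
    """Return [(operation, target)] from the message's $do context."""
    triples = [parse_statement(s) for s in statements]
    msg = triples[0][2]
    return [(p, o) for s, p, o in triples[1:] if s == msg + "$do"]
```

Running `check_message` on the first list reports four statements outside the message context, while the corrected list passes and yields a single `$get` of the private key XRI.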
On Sun, Mar 4, 2012 at 12:17 AM, Drummond Reed <drummond.reed@xdi.org> wrote:
Ok, working from the example on http://wiki.oasis-open.org/xdi/XdiMessagePatterns. I'll do it in XDI statement format first because then that can just be converted to JSON.
1) (=!91F2.8153.F600.AE24)/$add/=!91F2.8153.F600.AE24$msg!($)
2) =!91F2.8153.F600.AE24!($)/$is()/(=!91F2.8153.F600.AE24)
3) =!91F2.8153.F600.AE24!($)$d/!/(data:,2011-04-10T22:22:22Z)
4) =!91F2.8153.F600.AE24!($)/$do/$do
5) =!91F2.8153.F600.AE24!($)$do/$get/=!91F2.8153.F600.AE24$key$rsa$1024$private!1
Notes by statement number:
1. The first statement says that the (=!91F2.8153.F600.AE24) graph is adding a message. The ($) at the end means the server needs to assign the message i-number.
2. The second one says the target context for the message is the same XDI graph, i.e., the message is not sent to any other XDI graph.
3. The third is the datestamp.
4. The fourth references the root link contract, since this involves root-level access (the graph owner accessing the graph).
5. The fifth is the $get statement for the private key (assuming this is defined in the XDI $ dictionary - we still need to work out the dictionary definition for key pairs).
=Drummond
On Sat, Mar 3, 2012 at 11:22 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:
An unidentified client that isn't registered with the XDI endpoint.
I'm not so much interested in the authentication aspect, only in the core
structure of the message.
Markus
On Sat, Mar 3, 2012 at 8:18 PM, Drummond Reed <drummond.reed@xdi.org> wrote:
Markus, before I answer, I need to clarify the question: what is
"Markus", the human being, using to retrieve his private key? In other
words, via what device, using what client, is Markus sending this XDI
message to his own XDI endpoint (=!91F2.8153.F600.AE24) requesting his
private key? Is it coming from an unidentified browser? Or from another
device (such as a smart phone) that has already been registered with his
XDI endpoint?
This ends up being important in terms of how authentication is
bootstrapped (as Mike has already discovered with the OpenXDI Project).
=Drummond
On Sat, Mar 3, 2012 at 10:19 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:
Let's say =markus (=!91F2.8153.F600.AE24) would like to retrieve his
private key from his XDI endpoint.
Would anyone have time to tell me what the XDI message for that would
look like?
I.e. the actual serialized XDI data that goes over the wire.
I have an idea of how it would work, but I'd rather hear it from
someone else :)
Markus