
xdi message


Subject: Re: [xdi] XDI message for retrieving one's private key?

Mike, I don't disagree with you, but Markus was asking what the message flow was exclusive of authentication. This particular question - how would a person retrieve some of their own data - exercises several key patterns, including root contracts.

I have a suggestion, which is that we start a series of XDI TC wiki pages documenting message patterns. I just added a section to the XDI Message Patterns wiki page for this:


The first pattern page, containing the info below, is at:


I suggest we use this approach to document other message patterns as we design them.



On Sun, Mar 4, 2012 at 7:21 PM, Michael Schwartz <mike@gluu.org> wrote:

Drummond and Markus,

I don't think your graph is an appropriate place to store your private key...

But if you did store your private key in your graph, you would certainly want to authenticate before you retrieved it... in which case you would need a token of some kind (JWT OpenID Connect 1.0 token for oxServer).

As far as I can remember, we have not worked out the exact message flow for PKI authentication.

- Mike


Michael Schwartz
Founder / CEO
+1 646-810-8761

On Sun, 4 Mar 2012, Markus Sabadello wrote:

Okay. I think there are $msg subsegments missing, no?

1) (=!91F2.8153.F600.AE24)/$add/=!91F2.8153.F600.AE24$msg!($)
2)
3) =!91F2.8153.F600.AE24$msg!($)$d/!/(data:,2011-04-10T22:22:22Z)
4) =!91F2.8153.F600.AE24$msg!($)/$do/$do
5) =!91F2.8153.F600.AE24$msg!($)$do/$get/


On Sun, Mar 4, 2012 at 12:17 AM, Drummond Reed <drummond.reed@xdi.org> wrote:

Ok, working from the example on http://wiki.oasis-open.org/xdi/XdiMessagePatterns. I'll do it in XDI statement format first because then that can just be converted to JSON.

1) (=!91F2.8153.F600.AE24)/$add/=!91F2.8153.F600.AE24$msg!($)
2) =!91F2.8153.F600.AE24!($)/$is()/(=!91F2.8153.F600.AE24)
3) =!91F2.8153.F600.AE24!($)$d/!/(data:,2011-04-10T22:22:22Z)
4) =!91F2.8153.F600.AE24!($)/$do/$do
5) =!91F2.8153.F600.AE24!($)$do/$get/=!91F2.8153.F600.AE24$key$rsa$1024$private!1

Notes by statement number:

  1. The first statement says that the (=!91F2.8153.F600.AE24) graph is adding a message. The ($) at the end means the server needs to assign the message i-number.
  2. The second one says the target context for the message is the same XDI graph, i.e., the message is not sent to any other XDI graph.
  3. The third is the datestamp.
  4. The fourth references the root link contract, since this involves root-level access (the graph owner accessing the graph).
  5. The fifth is the $get statement for the private key (assuming this is defined in the XDI $ dictionary - we still need to work out the dictionary definition for key pairs).


On Sat, Mar 3, 2012 at 11:22 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:

An unidentified client that isn't registered with the XDI endpoint.

I'm not so much interested in the authentication aspect, only in the core
structure of the message.


On Sat, Mar 3, 2012 at 8:18 PM, Drummond Reed <drummond.reed@xdi.org> wrote:

Markus, before I answer, I need to clarify the question: what is
"Markus", the human being, using to retrieve his private key? In other
words, via what device, using what client, is Markus sending this XDI
message to his own XDI endpoint (=!91F2.8153.F600.AE24) requesting his
private key? Is it coming from an unidentified browser? Or from another
device (such as a smart phone) that has already been registered with his
XDI endpoint?

This ends up being important in terms of how authentication is
bootstrapped (as Mike has already discovered with the OpenXDI Project).


On Sat, Mar 3, 2012 at 10:19 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:

Let's say =markus (=!91F2.8153.F600.AE24) would like to retrieve his
private key from his XDI endpoint.

Would anyone have time to tell me what the XDI message for that would
look like?
I.e. the actual serialized XDI data that goes over the wire.

I have an idea of how it would work, but I'd rather hear it from
someone else :)
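The five statements Drummond posted above, parsed in Python into subject/predicate/object triples, checked against Markus's point that the $msg subsegment is missing from statements 2 to 5, and rendered as JSON. This is an added example written for this page, not code from the XDI TC, the wiki page or any poster in the thread. Two assumptions are not from the thread: the JSON shape {subject: {predicate: [objects]}} is one plausible reading of "converted to JSON", and a (data:,...) object is taken as a literal value. Statement 2 of the corrected message is derived by the same $msg insertion Markus applied to the others; his mail does not spell that statement out.

```python
"""Parse the XDI statements from the thread, check message structure, emit JSON.

Added example for this page; not code from the XDI TC, the wiki or any poster.
Assumptions (not from the thread): the JSON shape {subject: {predicate: [objects]}}
is one plausible rendering, and a (data:,...) object is a literal value.
"""
import json
import re

# Drummond's five statements, one per line, exactly as posted in the thread.
DRUMMOND_MESSAGE = [
    "(=!91F2.8153.F600.AE24)/$add/=!91F2.8153.F600.AE24$msg!($)",
    "=!91F2.8153.F600.AE24!($)/$is()/(=!91F2.8153.F600.AE24)",
    "=!91F2.8153.F600.AE24!($)$d/!/(data:,2011-04-10T22:22:22Z)",
    "=!91F2.8153.F600.AE24!($)/$do/$do",
    "=!91F2.8153.F600.AE24!($)$do/$get/=!91F2.8153.F600.AE24$key$rsa$1024$private!1",
]


def split_statement(stmt):
    """Split 'subject/predicate/object' at the first two slashes that are not
    inside parentheses. Cross-references such as (=!...) and literals such as
    (data:,...) are parenthesised, so a naive str.split('/') is not safe."""
    parts, current, depth = [], [], 0
    for ch in stmt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "/" and depth == 0 and len(parts) < 2:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    if len(parts) != 3 or depth != 0 or not all(parts):
        raise ValueError("not a well-formed XDI statement: " + stmt)
    return tuple(parts)


def message_subject(statements):
    """The first statement is the graph $add'ing the message; its object names
    the message context (e.g. =!91F2.8153.F600.AE24$msg!($))."""
    _, predicate, obj = split_statement(statements[0])
    if predicate != "$add":
        raise ValueError("first statement must be an $add of the message")
    return obj


def statements_missing_msg(statements):
    """Markus's check: every statement after the first must be rooted in the
    message context. Returns the 1-based numbers of statements that are not."""
    msg = message_subject(statements)
    return [n for n, s in enumerate(statements[1:], start=2)
            if not split_statement(s)[0].startswith(msg)]


def apply_msg_correction(statements):
    """Insert the $msg subsegment before '!($)' in statements 2..n, as Markus
    did. Statement 2 is derived the same way here (assumption; his mail
    did not spell it out). Statement 1 already carries $msg."""
    return [statements[0]] + [s.replace("!($)", "$msg!($)", 1)
                              for s in statements[1:]]


def to_graph(statements):
    """Fold the statements into {subject: {predicate: [objects]}}. A
    (data:,...) object under the '!' predicate is unwrapped to its literal."""
    graph = {}
    for s in statements:
        subj, pred, obj = split_statement(s)
        m = re.fullmatch(r"\(data:,(.*)\)", obj)
        if pred == "!" and m:
            obj = m.group(1)
        graph.setdefault(subj, {}).setdefault(pred, []).append(obj)
    return graph


if __name__ == "__main__":
    print("missing $msg in statements:", statements_missing_msg(DRUMMOND_MESSAGE))
    corrected = apply_msg_correction(DRUMMOND_MESSAGE)
    print("after correction:", statements_missing_msg(corrected))
    print(json.dumps(to_graph(corrected), indent=2))
```

Run as a script it reports statements 2 to 5 as lacking the $msg subsegment, reports none after the correction, and prints the corrected message in the assumed JSON shape. The parenthesis-depth split matters: the $is() predicate and the (=!...) and (data:,...) objects all contain characters that a flat split on "/" or "(" would mishandle.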


To unsubscribe, e-mail: xdi-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: xdi-help@lists.oasis-open.org
