OASIS Mailing List Archives

xdi message

Subject: Minutes: XDI TC Telecon Friday 2013-05-17

XDI TC Minutes

Following are the minutes of the unofficial telecon of the XDI TC at:

Date:  Friday, 17 May 2013 USA
Time:  09:00AM - 10:30AM Pacific Time (16:00-17:30 UTC)


Les Chasen

Markus Sabadello

Animesh Chowdhury

Joseph Boyle

Drummond Reed

Phil Windley

Dan Blum


Peter Davis



Most XDI TC members were in attendance at the Computer History Museum in Mountain View, CA. XDI was one of the key topics of the conference because it is so relevant to discovery, semantic interoperability, data portability, and trust between personal clouds.

In particular, Esther Mackaay from the .NL registry led two sessions on comparing DNS and XDI. She took extensive notes and said she is going to put together a worksheet that is going to be posted to the Personal Data Ecosystem Consortium wiki.

Several TC members including Les Chasen, Markus Sabadello, and Drummond Reed will try to follow through to help Esther with this task.



Drummond was able to complete an update with all the revised syntax just before IIW.


He observed that while the new syntax changed most patterns very little, it had significant effects on several patterns, such as Personas and Roles, because of the more precise semantics of how class/instance collections work.


This week's decision queue is the following set of proposals:


Drummond sent an email to the list just before IIW with a proposed solution to the star syntax problem that had been discussed on the list. He has posted this as an update to:


Drummond explained that the proposed solution was to reclassify star * to represent an instance singleton.

Markus said that while he supported this change, he felt it was a contradiction to have a “singleton instance” when all singletons represent instances. Phil agreed.

After a short discussion it was agreed to reclassify * as follows:

# DECISION: The star delimiter shall represent an untyped entity.

Markus made this change to the wiki page.


Now that XDI trial deployments are preparing to go live, the issue of message authentication is moving to the fore.


Markus explained that there are two issues:

  1. Sending secret authentication tokens (such as passwords) in the clear.

  2. Which link contract comparison operator should be used when comparing a secret token to a hashed/salted version in a password store.

Dan made the point that XDI endpoints should support any externalized authentication service, including Active Directory, LDAP, OAuth, etc. A password database is just one such external authentication service.

Animesh posed the question of whether it would be feasible to run an OAuth engine in front of an XDI endpoint to handle all of the authentication and session management, referring to the XDI endpoint only to check link contracts for authorization.

Dan replied that this scenario was very feasible and simply amounted to using an OAuth endpoint as an externalized authentication service. Dan recommended that the XDI TC produce a specification that defines how an XDI endpoint should interface with an OAuth endpoint to consume its authentication and session management services.

Markus then ran through the scenario of the XDI endpoint interfacing with an external password store. This exercise highlighted that even if the XDI message authentication token is sent over a secure transport (such as HTTPS), it is not correct for an XDI link contract policy to use the $equals comparison operator, because that operator compares literal values for equality, while the external password store holds only a hashed/salted value.

We ran out of time to complete the discussion, but agreed to the following action item:

# ALL: Suggest a new $word to express the semantics of “secure comparison”.
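The following is an added illustration of Markus's point, not code from the minutes or from any XDI implementation: a link contract policy evaluator with the existing $equals operator beside a hypothetical secure-comparison operator. The name $securecompare, the evaluate_policy dispatcher and the PBKDF2-based password store are all assumptions made here; the TC had not yet chosen the $word.

```python
import hashlib
import hmac
import os


def make_store_entry(password: str, iterations: int = 100_000) -> dict:
    """Constructed stand-in for one record in an external password store:
    a random salt plus the PBKDF2-SHA256 digest of the password under it.
    The store never holds the plaintext token."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "digest": digest.hex(), "iterations": iterations}


def op_equals(message_value: str, stored_value: str) -> bool:
    """XDI $equals: literal equality of the two values, nothing more."""
    return message_value == stored_value


def op_secure_compare(message_token: str, entry: dict) -> bool:
    """Hypothetical $securecompare: re-derive the salted hash from the token
    presented in the message and compare it to the stored digest in
    constant time, so timing does not leak how many bytes matched."""
    derived = hashlib.pbkdf2_hmac("sha256", message_token.encode(),
                                  bytes.fromhex(entry["salt"]), entry["iterations"])
    return hmac.compare_digest(derived.hex(), entry["digest"])


def evaluate_policy(operator: str, message_token: str, entry: dict) -> bool:
    """Evaluate one link contract policy condition on the authentication
    token. With $equals the plaintext token is matched against the stored
    digest, which can never succeed for a correct password."""
    if operator == "$equals":
        return op_equals(message_token, entry["digest"])
    if operator == "$securecompare":  # placeholder name, see lead-in
        return op_secure_compare(message_token, entry)
    raise ValueError(f"unknown comparison operator {operator}")
```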


Joseph provided a brief update on progress on the revised ABNF:

 https://wiki.oasis-open.org/xdi/XdiAbnf/Discussion (see the 2013-05-05 comment)

Organizational changes:

  1. Partition former "Full Graph Model ABNF" into Statement, Path, Arc, and serialization-specific grammars.

Serialization support changes:

  1. Abstract the XDI syntax tokens, generalizing the grammar to encompass all current serialization proposals.

  2. Add grammars realizing each statement-based serialization (JSON Flat, JSON Parse, Display Format).

  3. Add support for multiple objects per S/P for Flat JSON and the 2-line Display Format.

  4. Add a new Graph ABNF for Tree serialization, an alternative to the Statement grammar that is still based on the Path and Arc grammars.

Joseph has the following open questions:

  1. Is “()” as predicate to be called outer-root or another name?

  2. For serializations with multiple objects per S/P, can we mix contexts, relative-contexts, instance-contexts, any others?

We ran out of time to discuss these, but Drummond will try to arrange one-on-one time with Joseph to go over them.


The decision queue stack is shown on the following three auto-generated Category pages:




See also this list of proposals that need to be developed:



The next call is next week at the regular time.
