Subject: Minutes: XDI TC Telecon Friday 2015-06-22
Following are the minutes of the unofficial telecon of the XDI TC held on:
Date: Monday, 22 June 2015 USA
Time: 10:00AM - 11:30AM Pacific Time
Peter Davis
Markus Sabadello
Joseph Boyle
Les Chasen
Phil Windley
Drummond Reed
On the May 28, 2015 XDI2 implementation call, a first draft of a walkthrough for a "secure, semantic messaging" use case was created. This combines concepts from the XDI Messaging, XDI Bindings, XDI Policy, and XDI Connections specs. It also introduces the concept of “channels”.
The following presentation contains diagrams that are also relevant to the use case:
https://www.oasis-open.org/committees/document.php?document_id=55485&wg_abbrev=xdi
We reviewed the walkthrough and talked extensively about step 3 (the messaging app on the phone needs a link contract in =markus' personal cloud):
https://wiki.oasis-open.org/xdi/MessagingWalkthrough
We talked about different ways of authorizing a mobile app to access a resource.
We recalled a recent thread about OAuth 2.0 flows in iOS:
https://groups.google.com/forum/#!topic/oauth/xo9V5-qWBjY
Peter said most apps today are “glorified browsers” consisting mostly of HTML, CSS, JS. Peter also pointed out that the XDI TC will not mandate a single way to authenticate/authorize apps; this should be up to implementers.
We compared the following three architectures:
1. An OAuth client is registered with a single centralized resource (e.g. Facebook)
2. An OAuth client is registered with multiple decentralized resources (e.g. BlueButton)
3. An XDI client is registered with multiple decentralized resources (personal clouds)
---
auth service
client_id
client_secret
client app
client_id and client_secret are registered at dev time by the developer
---
resource         resource         resource
auth service     auth service     auth service
client_id        client_id        client_id
client_secret    client_secret    client_secret
client app (registration_jwt)
client_id and client_secret are registered dynamically using registration_jwt
---
xdi graph        xdi graph        xdi graph
auth service     auth service     auth service
link_contract    link_contract    link_contract
client app (link_contract_template)
link_contract is registered dynamically using the link_contract_template
The next call is next week at the usual time (Monday 10AM PT).