Subject: XDI TC Notes Unofficial Telecon Monday 2015-07-27
Following are the notes of the unofficial telecon of the XDI TC held on:
Date: Monday, 27 July 2015 USA
Time: 10:00AM - 11:30AM Pacific Time (17:00-18:30 UTC)
The TC operates under a standing rule approved 17 July 2008 under which the TC does not hold regular official meetings and conducts all business by electronic ballot only. Unofficial weekly meetings are held to enable discussion among members but no business is conducted nor actions taken.
Lionel Wolberger
Christopher Allen
Markus Sabadello
Joseph Boyle
Drummond Reed
Peter Davis
Les Chasen
Markus did a demo of “cryptographic XDI numbers”, i.e. XDI numbers that are derived from a cryptographic key pair. This could be useful to enable secure XDI messaging between two authorities without prior interaction, and without the need to depend on a third party for public key discovery to enable such messaging.
This demo illustrated that one of the advantages is performance, because the cryptographic XDI number does not require discovery of an external public key—it serves as the public key itself. Christopher commented that the main point of this approach was not performance, but the ability to immediately initiate secure messaging and data exchange without the need for a trusted third party.
Christopher asked about the use of the term “immutable” when applied to an identifier, and also about the term “persistent identifier”—what level of persistence is specified?
Drummond answered that the XDI Core spec uses the terms “immutable identifier” and “mutable identifier” for their precision. Both will be defined in the Glossary. The TC formerly used the terms “persistent identifier” and “reassignable identifier” but now uses the new terms instead. The definitions:
An immutable identifier is an identifier assigned to a resource once and never reassigned. A good example is a Uniform Resource Name (URN). (The glossary definition will cite the URN spec.)
A mutable identifier is an identifier that is NOT permanently assigned to a resource, i.e., it may be reassigned to different resources over time. Common examples include IP addresses and domain names.
Immutable Identifiers and Discovery
Peter explained that his biggest concern about using public keys as XDI numbers is that if the private key is compromised, or if the authority for a resource needs to rotate the key pairs associated with the resource, then the identifier will no longer be valid.
Drummond made the point that even if the key pair associated with an entity identified by an XDI number was compromised or retired, that does not mean the XDI number no longer identifies the resource. It simply means its cryptographic properties should no longer be used.
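As an added illustration of the scheme Markus demoed and of the key-rotation concern Peter raised, not code from the TC or from any XDI implementation: the number carries the public key itself, so a recipient verifies a first message with no discovery step, and a rotated key no longer verifies under the old number. The scheme label `=!:ed25519:`, the choice of Ed25519 and the sample payload are assumptions made for this example only; XDI Core 1.0 defines no such scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Assumed scheme label for this example only: XDI Core 1.0 defines no such
// scheme, and real XDI number syntax is not reproduced here.
const schemePrefix = "=!:ed25519:"

// NumberFromPublicKey derives a cryptographic XDI number whose scheme-specific
// part is the public key, so a recipient needs no discovery step.
func NumberFromPublicKey(pub ed25519.PublicKey) string {
	return schemePrefix + hex.EncodeToString(pub)
}

// PublicKeyFromNumber recovers the key from the number. This is the whole
// "discovery" step: a prefix check and a hex decode, no third party.
func PublicKeyFromNumber(number string) (ed25519.PublicKey, error) {
	if !strings.HasPrefix(number, schemePrefix) {
		return nil, errors.New("not a cryptographic XDI number under the assumed scheme")
	}
	raw, err := hex.DecodeString(strings.TrimPrefix(number, schemePrefix))
	if err != nil {
		return nil, err
	}
	if len(raw) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("expected %d-byte key, got %d", ed25519.PublicKeySize, len(raw))
	}
	return ed25519.PublicKey(raw), nil
}

// SignedMessage is the unit one authority sends another: the sender's XDI
// number, a payload, and a signature over the payload.
type SignedMessage struct {
	From      string
	Payload   []byte
	Signature []byte
}

// Sign produces a message that carries everything needed to verify it.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedMessage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedMessage{
		From:      NumberFromPublicKey(pub),
		Payload:   payload,
		Signature: ed25519.Sign(priv, payload),
	}
}

// Verify checks the message using only the key carried in msg.From.
// It returns nil on success and an error if the number is malformed or the
// signature does not verify under the key the number names.
func Verify(msg SignedMessage) error {
	pub, err := PublicKeyFromNumber(msg.From)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg.Payload, msg.Signature) {
		return errors.New("signature does not verify under the key named by the XDI number")
	}
	return nil
}

func main() {
	// Authority A creates a key pair; its XDI number is the public key.
	pubA, privA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fmt.Println("A's number:", NumberFromPublicKey(pubA))

	// B verifies A's first message with no prior contact and no key lookup.
	msg := Sign(privA, []byte("constructed sample payload"))
	fmt.Println("fresh key verifies:", Verify(msg))

	// A rotates its key (compromise or policy) but wants to keep its number.
	// The number still names A, as Drummond noted, but it no longer verifies
	// signatures made with the new key, which is Peter's objection.
	_, privA2, _ := ed25519.GenerateKey(rand.Reader)
	rotated := Sign(privA2, []byte("constructed sample payload"))
	rotated.From = NumberFromPublicKey(pubA) // reuse the old identifier
	fmt.Println("rotated key under old number:", Verify(rotated))
}
```

The identifier and the verification key are the same bytes, which is what removes the discovery round trip; the same property is why rotation cannot be expressed without either changing the number or adding an external, mutable binding from number to current key.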
In any case, Peter would prefer that an XDI scheme for public key identifiers not be included as an XDI scheme in XDI Core 1.0.
This led to a longer discussion about XDI schemes in XDI Core 1.0.
First, Drummond explained the proposed outline for the XDI Schemes section of XDI Core. In addition to defining the ABNF for an XDI scheme and how to extend XDI schemes, the plan has been for it to define the first 3 XDI schemes:
UUID
IPV6
SHA
We had a long discussion about the merits of each of these 3 schemes and whether their definitions belonged in XDI Core or in a separate XDI Schemes 1.0 specification. The main points were:
UUID is so universal and well defined that there is strong justification for including it in Core.
Although TC members in the past had wanted to define IPV6, there is no longer a strong voice for this scheme on the TC.
SHA represents one family of message digests and thus would be better defined in a separate XDI Schemes spec.
An XDI Schemes spec would be nice but not necessary in the XDI 1.0 spec suite.
Markus mentioned that UUID was the standard scheme for the currently deployed XDI infrastructure, and that the SHA scheme was used as well (for content-based addressing, e.g. in XDI discovery processes).
The conclusion of the discussion was the following proposal:
XDI Core 1.0 will define the ABNF for XDI schemes, how it is extensible, e.g., using profiles (what are the normative rules for a profile), and one scheme: UUID.
#CONSENSUS was reached on this proposal.
#CORE EDITORS to make this change.
In response to questions from new TC members, the XDI Core editors (Drummond, Joseph and Markus) explained how they are currently using DocBook and Github:
Joseph uses an XML editor (Sublime Text) directly with the DocBook XML files checked into Github.
Drummond has been drafting sections of Core in Word and then working with Joseph to move text into DocBook, but plans to start editing in an XML editor once the major sections are finished.
Markus uses Eclipse.
Christopher uses Atom (Github’s own editor).
This topic was moved to next week.
The next call is next week at the usual time (Monday 10AM PT). The link to where agenda items can be posted for the next meeting is: https://docs.google.com/document/d/19oDl0lbb56Grehx2a5flZnhrgnua5l8cVvC_dJ8fTXk/edit?usp=sharing