
Subject: RE: [xri] Question: Is there a standard way to compose an identifier for the public key of an object?


Ahhh - we misunderstood each other. Each metadata cross reference has 3
parts, and your example has only two. (even $d and $v have 3 parts, but
the second part has a default if it's left off). The metadata for public
key would look something like ($t*pk*<BASE64-encoded-public-key>). The
3rd part is the actual public key, which is why it could be long.

I'm a directory person, so I don't think =sakimura/($t*pk) should return
anything; it's not a command, it's just an identifier. Or, maybe XRI
resolution could return a service point for the directory service that
holds this entry. I think you would use LDAP, or some other
protocol/query language to lookup the public key, e.g., 

	ldapsearch -h <directory-server> -p <port> -b <search-base> -s <scope> "xri=\=sakimura"

		or

	ldap://<directory-server>:<port>/<search-base>??<scope>?"xri=\=sakimura"

	(with appropriately escaped quotes, equals, and backslashes)

Note that these examples are out of my head, so they're not completely
accurate. The LDAP URL is defined in RFC 2255.

Marty.Schleiff@boeing.com; CISSP
Associate Technical Fellow - Cyber Identity Specialist
Computing Security Infrastructure
(206) 679-5933

-----Original Message-----
From: Sakimura, Nat [mailto:n-sakimura@nri.co.jp] 
Sent: Tuesday, January 31, 2006 5:26 PM
To: Schleiff, Marty; xri@lists.oasis-open.org
Subject: RE: [xri] Question: Is there a standard way to compose an
identifier for the public key of an object?

Hi Marty, 

Thanks for the response. 

> Also, we could define a new $t type specifically for public keys.
> However, this could generate pretty long XRIs. 

I am not sure if it should be in the metadata spec or community spec (in
which case, GRS spec should have something like that), but defining a new
$t type is definitely one way of doing it.

However, I did not get why this could generate long XRIs. 

Requesting 

=sakimura/($t*pk)

should return a pointer to the public key of =sakimura, and the XRI itself
does not look very long.

Nat 

> -----Original Message-----
> From: Schleiff, Marty [mailto:marty.schleiff@boeing.com]
> Sent: Wednesday, February 01, 2006 1:14 AM
> To: Sakimura, Nat; xri@lists.oasis-open.org
> Subject: RE: [xri] Question: Is there a standard way to compose an 
> identifier for the public key of an object?
> 
> Hi Nat,
> 
> In the Metadata Types spec we're defining something similar to what 
> you describe. It's a metadata tag for HIT (a Host Identity tag in the 
> Host Identity Payload protocol - see 
> http://www.irtf.org/charter?gtype=rg&group=hip).
> 
> For example: ($t*hit*<hit-value>)
> 
> <hit-value> is a hash of a public key.
> 
> Also, we could define a new $t type specifically for public keys.
> However, this could generate pretty long XRIs. 
> 
> 
> Marty.Schleiff@boeing.com; CISSP
> Associate Technical Fellow - Cyber Identity Specialist Computing 
> Security Infrastructure
> (206) 679-5933
> 
> -----Original Message-----
> From: Sakimura, Nat [mailto:n-sakimura@nri.co.jp]
> Sent: Tuesday, January 31, 2006 2:26 AM
> To: xri@lists.oasis-open.org
> Subject: [xri] Question: Is there a standard way to compose an 
> identifier for the public key of an object?
> 
> Hi all,
> 
> I have a question. 
> 
> Is there a standard way to compose an identifier for the public key of
> an object?
> 
> For example, it would be very nice if I can be assured that I will get
> a public key for =bob by just doing
> =bob*(+public_key) or something. Then, without any prior knowledge 
> about =bob, I can fetch his public key for a bunch of processing.
> 
> Cheers,
> 
> Nat
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that 
> generates this mail.  You may a link to this group and all your TCs in
> OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 
> 
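
Added example (not part of the original messages): the escaping that the directory lookup sketched above depends on, written out in Python. XRIs such as =sakimura/($t*pk) contain "(", ")" and "*", which are metacharacters in LDAP search filters (RFC 4515), so they are escaped before the value goes into a filter or an LDAP URL; "=" needs no escaping inside a filter value. The attribute name xri follows the sketch in the message; the host and search base in the demo are constructed placeholders.

```python
from urllib.parse import quote

# RFC 4515 section 3: these characters must be written as \XX (hex)
# when they appear inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def xri_filter(xri: str, attr: str = "xri") -> str:
    """Equality filter matching entries whose `attr` equals the XRI.

    `attr` defaults to the hypothetical attribute name used in the thread.
    """
    return f"({attr}={escape_filter_value(xri)})"


def xri_ldap_url(host: str, port: int, base_dn: str, scope: str, xri: str) -> str:
    """LDAP URL in the RFC 2255 layout: ldap://host:port/dn?attrs?scope?filter."""
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"invalid scope: {scope!r}")
    # Percent-encode everything that could be read as URL syntax ("?", "/",
    # "\", "$", spaces); the attribute list is left empty, hence the "??".
    dn = quote(base_dn, safe=",=")
    flt = quote(xri_filter(xri), safe="()=")
    return f"ldap://{host}:{port}/{dn}??{scope}?{flt}"


if __name__ == "__main__":
    # Constructed sample values: placeholder server and search base.
    for name in ("=sakimura", "=sakimura/($t*pk)"):
        print(xri_filter(name))
        print(xri_ldap_url("ldap.example.com", 389,
                           "ou=people,dc=example,dc=com", "sub", name))
```

Without the escaping step, the parentheses and asterisk in an XRI would be parsed as filter structure and wildcards rather than as part of the identifier being searched for.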
