OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xdi] URL claim in the Cardspace specifications

I know from previous discussions with Mike (at a previous employer of mine) that there’s been a lot of thought into making cardspace a generic “tunnel” as much as is practical – and in particular to replace a phishable “redirect tunnel”.


For the purposes of XRI and XDI, it might also be interesting to think about how and why the tunnel endpoints could be identified (or maybe just annotated) with XRIs instead of just HTTP URls (e.g. in WS-MEX/WS-Addressing)…




From: Arun Nanda [mailto:arunn@windows.microsoft.com]
Sent: Friday, February 16, 2007 12:22 PM
To: Kim Cameron; Drummond Reed; Gabe Wachob; xri@lists.oasis-open.org; xdi@lists.oasis-open.org
Cc: Mike Jones; andy.dale@ootao.com; Paul Trevithick
Subject: RE: [xdi] URL claim in the Cardspace specifications


I agree with Kim on this. The Information Card model, and consequently the CardSpace channel, has been deliberately designed to make it token format and content agnostic. Using the OpenID managed card approach, for example, would allow full flexibility on the (token) payload that results from using such a managed card.


From: Kim Cameron
Sent: Friday, February 16, 2007 12:05 PM
To: Drummond Reed; 'Gabe Wachob'; xri@lists.oasis-open.org; xdi@lists.oasis-open.org
Cc: Mike Jones; Arun Nanda; andy.dale@ootao.com; 'Paul Trevithick'
Subject: RE: [xdi] URL claim in the Cardspace specifications


My thinking was that Webpage would be the web page one uses for his identity – perhaps I’m simplistic in my thinking but I suspect a lot of ordinary users jump to the same conclusions, and not understand the niceties of the distinctions between a bunch of URIs.


But I’m happy to discuss and hear what you need.


During the period leading up to the “announce” I was out talking with sxip, janrain and verisign about having OpenID managed cards that carry the normal OpenID payloads - but do this through the CardSpace tunnel rather than through redirects.  I’ve built a demo with shipping CardSpace v1, and I think everyone who has seen it found it quite convincing (scott Kveton has blogged about it).


If OpenID were to support this approach,  then out of the starting gate, the OpenId managed card can have all the appropriate XRI identifiers or semantic tags.


Let’s talk about this next week.  I think it has great potential for solving the problems you point out.



From: Drummond Reed [mailto:drummond.reed@cordance.net]
Sent: Friday, February 16, 2007 11:10 AM
To: 'Gabe Wachob'; xri@lists.oasis-open.org; xdi@lists.oasis-open.org
Cc: Kim Cameron; Mike Jones; Arun Nanda; andy.dale@ootao.com; 'Paul Trevithick'
Subject: RE: [xdi] URL claim in the Cardspace specifications




I agree completely. Now that we know what the actual claim (on the MS self-asserted card schema), the lack of sufficient semantics to recognize that the value of the “webpage” claim is an OpenID URL, let alone a XRI, is the first key issue I think we need to discuss with Kim, Mike, Arun, and the CardSpace team.


I’ll work with them to arrange a meeting as soon as we can.




From: Gabe Wachob [mailto:gabe.wachob@amsoft.net]
Sent: Friday, February 16, 2007 10:38 AM
To: 'Drummond Reed'; xri@lists.oasis-open.org; xdi@lists.oasis-open.org
Cc: 'Kim Cameron'; 'Mike Jones'; 'Arun Nanda'
Subject: RE: [xdi] URL claim in the Cardspace specifications


Just because the “webpage” slot takes a URI, that doesn’t mean to me that it should take an XRI – an XRI identifies a person, concept, place, anything, whereas a webpage is, well, a webpage, and nothing more.


That being said, if that’s the easiest way to stick in XRI’s, I guess we could use it. (the xri.net version? The raw version?)


I’m shocked that our friends at Microsoft didn’t include a separate slot for an iname!!!! It will be there in version 3, right?  ;-)




From: Drummond Reed [mailto:drummond.reed@cordance.net]
Sent: Friday, February 16, 2007 8:55 AM
To: xri@lists.oasis-open.org; xdi@lists.oasis-open.org
Cc: Kim Cameron; 'Mike Jones'; 'Arun Nanda'
Subject: RE: [xdi] URL claim in the Cardspace specifications


XRI & XDI TC members:


In following up on Laurie’s and my action item, we received the following clarification from Mike Jones and Arun Nanda about the supported claims in Microsoft’s schema for self-asserted CardSpace information cards. There is in fact a claim for a URL, referred to as a “webpage” (last one on the list below).


This should help us in our discussions of XRIs both as claims identifiers and claims values.


Thanks again to Laurie for her excellent research on this topic, and to Paul for his help.







Given Name


Last Name


Email Address




Locality (City)


State or Province


Postal Code




Phone Number


Other Phone


Mobile Phone


Date of Birth






Web Page



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]