Minutes:Joint XRI & XDI TC Telecon 10AM PT Thursday 2007-06-21

["=drummond.reed" <drummond.reed@cordance.net>]

Following are the minutes of a joint unofficial telecon of the XRI and XDI
TCs at:

Date:  Thursday, 21 June 2007 USA
Time:  10:00AM - 12:00PM Pacific Time

Event Description:
Weekly unofficial joint call of the XRI and XDI Technical Committees.

ATTENDING

Gabe Wachob
Les Chasen
Markus Sabadello
Drummond Reed
Wil Tan


AGENDA

1) UPDATE TO XRD SCHEMA FOR XRI RESOLUTION 2.0 WORKING DRAFT 11

Gabe reported that he and Bill have not yet make progress on the revisions
to the XRD schema, but Gabe will try to do so by the end of the week. 

# GABE and BILL to complete revisions to the schema & send to Drummond.


2) EXTENDING CANONICAL ID VERIFICATION TO HTTP(S) URIS

Two special telecons held on this topic over the last week. A slight update
has been posted to the XRI TC wiki:

	http://wiki.oasis-open.org/xri/XriCd02/CanonicalIdVerification 

This proposal is now referenced by the OpenID editors in the following
writeup of the OpenID recycling issue on the OpenID wiki:

	http://openid.net/wiki/index.php/Identifier_Recycling  

* We discussed the main tenants of the proposal, including the definition of
synonym in section 3.2.3 of XRI Resolution 2.0 Working Draft 11 ED02.

* It was apparent there were differing understandings of the function of Ref
elements. It was agreed that the spec should carry an explicit warning that
Refs MUST be used only to represent synonyms for the resolved identifier
assigned by an authority other than the authority producing the current XRD,
and MUST NOT be used to express any other form of relationship between the
authorities.

* As the security implications of the extended Canonical ID verification
proposal were reviewed, it as agreed that the spec should also include
warnings that:

	a) As with DNS or any other registry-based identifier
infrastructure, Canonical ID verification depends on trusting each authority
in the resolution chain.	

	b) Any Canonical ID assigned by an XRI registry under its own
authority SHOULD not be editable by a registrant.

	c) Trusting a Canonical ID without verification can enable spoofing
of Canonical IDs.

The following action items were assigned:

# GABE and MARKUS to both take a close look at the extended Canonical ID
verification writeup and post any comments.

# DRUMMOND to draft revised text for section 11 once this feedback is
received.


3) PROGRESS REPORT FOR XRI RESOLUTION 2.O WORKING DRAFT 11

The current draft, ED02, is at:
	
http://www.oasis-open.org/committees/download.php/24286/xri-resolution-v2.0-
wd-11-ed-02.doc

Drummond said he plans to post ED03, containing as many action items as he
can finish, before he leaves for the Burton Catalyst conference on Monday.


4) NEXT CALL

Due to Catalyst travel, we will not hold a telecon next week, but will
resume our call schedule on Thursday, July 5.