[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] SimpleSign for estabilishing the authenticity of XRD.
On Dec 11, 2008, at 4:09 AM, Nat Sakimura wrote: > Unfortunately, as fare as I understand, this is exactly the case for > XRI resolution. > XRI resolution traverses through Authorities, and each authority > returns an XRD, pointing to the next authority. > This means, each XRD will be signed by different authorities. It is > the use case of the XRI SAML Trusted Resolution. > Then -- I have not touched the spec for long time, so I maybe wrong. > > Perhaps Peter or John could clarify. You are correct. XRI Res (and SAML for that matter) does not specify how trust is established, only that the integrity of the chain can be established. The expectation at the time was that SAML libraries would be widespread, and become a utility much as openSSL has become a utility. That is now begining to occur, but not as broadly than i would have liked. FWIW, the SSTC is also reviewing trust chaining and a more 'dynamic' trust model, based in part by SAML metadata. I see the XRD Discovery and trust processing requirements between these two efforts strikingly similar, and I am hoping that XRD and SAML efforts are at best identical, but at a minimum, compatible. This is especially important for the XRI profiles of SAML draft I posted a week or so ago. =peterd
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]