Re: [xri] SimpleSign for estabilishing the authenticity of XRD.

[Peter Davis <peter.davis@neustar.biz>]

On Dec 11, 2008, at 4:09 AM, Nat Sakimura wrote:

> Unfortunately, as fare as I understand, this is exactly the case for  
> XRI resolution.
> XRI resolution traverses through Authorities, and each authority  
> returns an XRD, pointing to the next authority.
> This means, each XRD will be signed by different authorities. It is  
> the use case of the XRI SAML Trusted Resolution.
> Then -- I have not touched the spec for long time, so I maybe wrong.
>
> Perhaps Peter or John could clarify.

You are correct.  XRI Res (and SAML for that matter) does not specify  
how trust is established, only that the integrity of the chain can be  
established.  The expectation at the time was that SAML libraries  
would be widespread, and become a utility much as openSSL has become a  
utility.  That is now begining to occur, but not as broadly than i  
would have liked.   FWIW, the SSTC is also reviewing trust chaining  
and a more 'dynamic' trust model, based in part by SAML metadata.  I  
see the XRD Discovery and trust processing requirements between these  
two efforts strikingly similar, and I am hoping that XRD and SAML  
efforts are at best identical, but at a minimum, compatible.

This is especially important for the XRI profiles of SAML draft I  
posted a week or so ago.

=peterd