[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] XRD trusted discovery workflow
On Thu, Dec 11, 2008 at 12:05 AM, Dirk Balfanz <balfanz@google.com> wrote:
> I think a URI needs a <Service> context - it seems to me a resource map
> doesn't.
> The current proposal on the wiki says that a resource map is inside a
> service element of type "e-mail to URL translation". We could make that more
> generic, and call it "URI to URI translation", at which point it's saying
> the same thing as URIMap. To me it seems that the following three examples
> all mean the same thing:
> [ my proposal: ]
> <XRD>
> <URIMap>http://target.com/uri={URI}</URIMap>
> </XRD>
I have two objections to this.
1) What if I want to delegate XRD serving for different services to
different providers? For example, what if I want PoCo endpoints for
my users served over on poco.example.com, but OpenID endpoints served
over at openid.example.com? I need a service type field to
distinguish.
2) What if the target on the URIMap is under a different authority,
e.g. http://example.com uses a URIMap to indicate that XRDs will be
served over on http://target.com. (XRD hosting as a service). The
target.com server will not be able to sign documents with the
example.com key. It's really important that we be able to delegate
authority at or before a URIMap.
OK, I guess I have a third objection, counting has never been my
strong suit. If you accept that we need to be able to delegate
authority at or before a URIMap, and you accept that we might want to
do limited (by service) delegation of authority, it's important that
Delegation be limited to a particular type.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]