xri message

Subject: Re: [xri] XRD trusted discovery workflow

From: Brian Eaton <beaton@google.com>
To: Nat Sakimura <n-sakimura@nri.co.jp>
Date: Thu, 11 Dec 2008 08:18:04 -0800

On Thu, Dec 11, 2008 at 12:41 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
> The workflow is like this:
>
>  1. When you access the Indentity URI, you will get link-header etc.
>     that points to the XRD associated to it.
>  2. When you look into XRD, you can find the URI for the cert.
>  3. Retrieving the cert, do the usual cert check.
>  4. Find the Subject(UniqueIdentifier) in the cert and compair that
>     with CanonicalID.
>  5. If they match, they are the pair we are looking for. See if the
>     signature on XRD can be verified.
>  6. If OK, the XRD is authoritative. You can trust it, and start using
>     associated URIs (both in the authority section and services
>     section) in it.

How d you know that the discovered XRD is authoritative for the
identity URI you started with?

Follow-Ups:
- RE: [xri] XRD trusted discovery workflow
  - From: Sakimura Nat <n-sakimura@nri.co.jp>

References:
- XRD trusted discovery workflow
  - From: Brian Eaton <beaton@google.com>
- Re: [xri] XRD trusted discovery workflow
  - From: Dirk Balfanz <balfanz@google.com>
- Re: [xri] XRD trusted discovery workflow
  - From: Brian Eaton <beaton@google.com>
- Re: [xri] XRD trusted discovery workflow
  - From: Dirk Balfanz <balfanz@google.com>
- Re: [xri] XRD trusted discovery workflow
  - From: Nat Sakimura <n-sakimura@nri.co.jp>
- Re: [xri] XRD trusted discovery workflow
  - From: Dirk Balfanz <balfanz@google.com>
- Re: [xri] XRD trusted discovery workflow
  - From: Nat Sakimura <n-sakimura@nri.co.jp>