
xri message



Subject: Re: [xri] SimpleSign for establishing the authenticity of XRD.


> Markus wrote>
>> As far as your Signature Method proposals are concerned, I think I
>> like 2.1 best. With a well designed RegExp I think this can be done
>> quite easily.
>
> No, it can't.  If you think it can please build a prototype, I'll show
> you an XML file it can't parse, and then we can iterate until you give
> up. =)

Hmm you're probably right.. After thinking about it again, processing
an XML file in some non-XML way doesn't sound like a good idea.

Markus

On Wed, Dec 10, 2008 at 10:43 PM, Brian Eaton <beaton@google.com> wrote:
> Nat wrote>
>>> If we are to take this file based approach, we have to define how the
>>> signature will work for XRDS.
>
> That seems easy.  We can reuse the exact same algorithm and XML
> schema, right?  So long as we are using a single key to sign a single
> document, there's no problem.  We get into messiness if we need to
> include signatures from several different keys in the same document.
> Do you need to do that, and if so why?
>
> Nat wrote>
>> Also, I would like to re-iterate that CanonicalID is not a usual domain
>> name (= re-assignable.)
>> It has to be a cool uri with fragments or i-number kind of ID that is
>> guaranteed not to be re-assigned to another entity by the relevant CA.
>
> I'm really, really confused by this.  Thanks for starting the new
> thread on this topic.
>
> Markus wrote>
>> As far as your Signature Method proposals are concerned, I think I
>> like 2.1 best. With a well designed RegExp I think this can be done
>> quite easily.
>
> No, it can't.  If you think it can please build a prototype, I'll show
> you an XML file it can't parse, and then we can iterate until you give
> up. =)
>
> We can come up with simple canonicalization algorithms only if we
> restrict the statements we are trying to express.  Full-fledged XML
> requires something like full-fledged XML canonicalization as defined
> in XML DSIG.
>
> Name/value pairs, like OpenID or OAuth, are much easier to deal with,
> but I suspect we want to include more than name/value pairs in XRD.
>
> Cheers,
> Brian
>
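The regex-versus-canonicalization point argued in the quoted message, as an added example that is not part of the original thread: two constructed serializations of the same XML content are digested once via a text pattern and once via a parser plus C14N 2.0 from the Python standard library. The namespace URI, the element layout and the `SERVICE_RE` pattern are assumptions made for illustration, not the list's actual proposal 2.1.

```python
import hashlib
import re
from xml.etree.ElementTree import canonicalize

NS = 'xmlns="urn:example:xrd"'  # constructed namespace, not the real XRD one

# Constructed samples: the same content, serialized two different ways.
DOC_A = (f'<XRD {NS}><Service priority="10" id="s1">'
         '<URI>http://example.com/a?x=1&amp;y=2</URI></Service></XRD>')
DOC_B = ("<?xml version='1.0'?>\n"
         f"<XRD {NS}><!-- <Service>decoy</Service> -->"
         "<Service id = 's1'\n priority='10'>"
         "<URI><![CDATA[http://example.com/a?x=1&y=2]]></URI></Service></XRD>")

# Hypothetical text-level pattern for "the element to be signed".
SERVICE_RE = re.compile(r"<Service\b.*?</Service>", re.S)


def regex_digest(doc):
    """Hash the first text span that merely looks like a Service element."""
    span = SERVICE_RE.search(doc).group(0)
    return span, hashlib.sha256(span.encode()).hexdigest()


def c14n_digest(doc):
    """Parse the document, serialize it as C14N 2.0, hash the result.

    canonicalize() sorts attributes, normalizes quoting and escaping,
    expands CDATA and, by default, drops comments and the XML declaration.
    """
    canon = canonicalize(doc)
    return canon, hashlib.sha256(canon.encode()).hexdigest()


if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B)):
        span, rd = regex_digest(doc)
        canon, cd = c14n_digest(doc)
        print(f"doc {name}: regex span = {span!r}")
        print(f"        regex sha256 = {rd[:16]}  c14n sha256 = {cd[:16]}")
```

A verifier that digests the regex span treats the two equivalent documents as different, and in the second one it covers text that sits inside a comment rather than the real element; the canonical form is identical for both.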

