RE: [xri] XRD trusted discovery workflow

[Sakimura Nat <n-sakimura@nri.co.jp>]

It is authoritative to the CID. For OpenID use case, that would be enough.

There has to be another document that links URI to CID, similarly signed if we need the authenticity of the synonims.

=nat

________________________________________
差出人: Brian Eaton [beaton@google.com]
送信日時: 2008年12月12日 1:18
宛先: Sakimura Nat
CC: Dirk Balfanz; xri@lists.oasis-open.org
件名: Re: [xri] XRD trusted discovery workflow

On Thu, Dec 11, 2008 at 12:41 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
> The workflow is like this:
>
>  1. When you access the Indentity URI, you will get link-header etc.
>     that points to the XRD associated to it.
>  2. When you look into XRD, you can find the URI for the cert.
>  3. Retrieving the cert, do the usual cert check.
>  4. Find the Subject(UniqueIdentifier) in the cert and compair that
>     with CanonicalID.
>  5. If they match, they are the pair we are looking for. See if the
>     signature on XRD can be verified.
>  6. If OK, the XRD is authoritative. You can trust it, and start using
>     associated URIs (both in the authority section and services
>     section) in it.

How d you know that the discovered XRD is authoritative for the
identity URI you started with?