[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] XRD trusted discovery workflow
It is authoritative to the CID. For OpenID use case, that would be enough. There has to be another document that links URI to CID, similarly signed if we need the authenticity of the synonims. =nat ________________________________________ 差出人: Brian Eaton [beaton@google.com] 送信日時: 2008年12月12日 1:18 宛先: Sakimura Nat CC: Dirk Balfanz; xri@lists.oasis-open.org 件名: Re: [xri] XRD trusted discovery workflow On Thu, Dec 11, 2008 at 12:41 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote: > The workflow is like this: > > 1. When you access the Indentity URI, you will get link-header etc. > that points to the XRD associated to it. > 2. When you look into XRD, you can find the URI for the cert. > 3. Retrieving the cert, do the usual cert check. > 4. Find the Subject(UniqueIdentifier) in the cert and compair that > with CanonicalID. > 5. If they match, they are the pair we are looking for. See if the > signature on XRD can be verified. > 6. If OK, the XRD is authoritative. You can trust it, and start using > associated URIs (both in the authority section and services > section) in it. How d you know that the discovered XRD is authoritative for the identity URI you started with?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]