[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] URIMap element (was: XRD trusted discovery workflow)
> From: Dirk Balfanz [mailto:balfanz@google.com]
> Sent: Monday, December 15, 2008 6:04 PM
>
> "confusing" only if the XRD is about a resource identified by a URI? Or
> "confusing" in general? (and, yes, those snippets were supposed to be
> from an XRD-for-a-site).
Not in the context of XRD for a site. It wasn't clear in your example and I wanted to demonstrate why the context is important when using these constructs.
> Does "confusing" mean you wouldn't want to see it in a spec?
Nothing you have suggested will be forbidden in the spec. My concerns are not about the XRD spec but how OpenID will use it.
> If site-meta doesn't have signatures, we might need both ("describedby"
> links in XRDs-for-URIs and in XRDs-for-sites).
Which is fine. But I think it will.
> I'm actually thinking it might be better for /site-meta not to have
> signatures. site-meta is supposed to be just like a (collection of)
> Link: HTTP header(s) (but for the site, not the root resource), and we
> can't sign those headers either. Plus, to do secure discovery of an
> authoritative XRD, the libraries parsing site-meta and the libraries
> parsing XRD would have to somehow work together to traverse the trust
> chain. Seems to be easier to say "trust is the job of XRD, not site-
> meta".
I don't think it will be part of the core spec, but the mechanism used (created) by XRD should be easy to apply to /site-meta. The beauty in the link architecture is that you can ignore links you don't care about. Simple clients can just ignore the rel="signature" link.
EHL
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]