
Subject: RE: [xri] Quick overview of descriptor discovery flow


Comments inline.

> -----Original Message-----
> From: Nat Sakimura [mailto:n-sakimura@nri.co.jp]
> Sent: Wednesday, December 17, 2008 4:15 AM
> > A /site-meta file can contain such a link:
> >
> > Link: <http://example.com/policy/privacy>; rel="privacy"; type="application/p3p+xml"
> > Link: <http://example.com/site/descriptor>; rel="describedby"; type="application/xrd+xml"
> > Link-Template: <http://example.com?meta={+uri}>; rel="describedby"; type="application/xrd+xml"
> > Link: <http://example.com/signature>; rel="signature"; type="application/signature+xml"
> >
> > And an XRD can contain such a link:
> >
> > <XRD>
> >     <CanonicalID>http://example.com/resource/1</CanonicalID>
> >     <URI>http://example.com/api/v1/resources?id=1</URI>
> >     <Type>http://example.com/some_type_of_resource</Type>
> >     <Link>
> >         <Rel>http://example.com/rel/my_calendar</Rel>
> >         <URI>http://example.com/calendar/1</URI>
> >     </Link>
> >     <Link>
> >         <Rel>signature</Rel>
> >         <MediaType>application/signature+xml</MediaType>
> >         <URI>http://example.com/signature</URI>
> >     </Link>
> > </XRD>
> >
> > What each of these documents is pointing to is a document looking
> > something like this:
> >
> > <Signature method="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
> >     <ds:KeyInfo>
> >         <ds:X509Data>
> >             <ds:X509Certificate />
> >             <ds:X509Certificate />
> >         </ds:X509Data>
> >     </ds:KeyInfo>
> >     <Value>kjfsdlkfj943j4309jfl;kj;934jf;iwjf;934jf;oijdflkjsda==</Value>
> > </Signature>
> Just to be clear: The http://example.com/signature in /site-meta
> example and XRD example has different content, right?

Yes. The example should have used different signature file URIs.

> >
> > And to verify it, the entire document linking to the signature (i.e.
> > the HTTP body used to retrieve it) is used with the listed
> > certificates to verify the signature. The authority of the
> > certificates is verified using something like the <CanonicalID> of the
> > XRD and the domain name of the /site-meta.
> I was wondering if we should stick to XML DSig syntax for describing
> X509 certs data etc. Since it is not XML DSig anymore, I was wondering
> if using ds:... could be a bit confusing.

I think the value of reusing a namespace is only there if existing software can do something smart with it. If not, we should define a new ns.

> Also, when we take into the XRI resolution <XRDS> use case, the file
> signing alone would not solve the issue. Brian, John and I have been
> discussing it for a week or so now.

Can you explain?
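
The authority check described in the quoted message, as an added example that is not part of the original thread or of any XRD specification: it finds the signature link in each document and tests whether a certificate's DNS names cover the host of the XRD's <CanonicalID> or of the /site-meta. The function names, the sample signature URIs, and the assumption that the certificate chain and the signature over the raw HTTP body were already validated elsewhere are not from the thread.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs modelled on the message's examples; the two
# documents point at different (hypothetical) signature file URIs.
SITE_META = '''Link: <http://example.com/policy/privacy>; rel="privacy"; type="application/p3p+xml"
Link: <http://example.com/site-meta.sig>; rel="signature"; type="application/signature+xml"
'''
XRD = '''<XRD>
  <CanonicalID>http://example.com/resource/1</CanonicalID>
  <Link><Rel>http://example.com/rel/my_calendar</Rel><URI>http://example.com/calendar/1</URI></Link>
  <Link><Rel>signature</Rel><MediaType>application/signature+xml</MediaType>
        <URI>http://example.com/resource/1.sig</URI></Link>
</XRD>'''

def site_meta_signature(body):
    """Return the URI of the rel="signature" Link line in a /site-meta body, or None."""
    for line in body.splitlines():
        m = re.match(r'Link:\s*<([^>]*)>(.*)', line)
        if m and re.search(r';\s*rel="signature"', m.group(2)):
            return m.group(1)
    return None

def xrd_signature(body):
    """Return (CanonicalID, signature URI) from an XRD body."""
    root = ET.fromstring(body)
    sig = next((link.findtext("URI") for link in root.findall("Link")
                if link.findtext("Rel") == "signature"), None)
    return root.findtext("CanonicalID"), sig

def cert_speaks_for(subject_uri, cert_dns_names):
    """True if one of the certificate's DNS names covers the host of subject_uri.
    cert_dns_names is assumed to come from a chain that already validated."""
    host = (urlsplit(subject_uri).hostname or "").lower()
    for name in (n.lower() for n in cert_dns_names):
        if name == host:
            return True
        # A wildcard covers exactly one leftmost label, never the bare domain.
        if name.startswith("*.") and host.split(".", 1)[1:] == [name[2:]]:
            return True
    return False
```

A valid signature made with a certificate that fails `cert_speaks_for` only proves that someone signed the bytes, not that the signer has authority over the described resource.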


