[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Secure XRD Proposals
Yes, but it would be nice if we can do in a same mechanism, or at least, leverage on one another. I have got a feeling that the hybrid model goes a long milage. =nat Eran Hammer-Lahav wrote: > But there is no requirement for XRD and XRDS to use the same signature > mechanism. I would be supportive if the XRDS schema will introduce the > 64bit XRD value instead of XRD doing it. So XRD will use external > signatures (the whole HTTP body) while XRDS will record those external > bodies and potentially even the certificate chain and signature value > itself. > > EHL > > > On 12/18/08 2:11 PM, "Sakimura Nat" <n-sakimura@nri.co.jp> wrote: > > Per service signature usecase may be theoretical, but XRI > resolution stands for per XRD signature usecase for an XRDS. > > =nat > ------------------------------------------------------------------------ > *差出人:* Eran Hammer-Lahav [eran@hueniverse.com] > *送信日時:* 2008年12月19日 6:21 > *宛先:* Peter Davis; Brian Eaton > *CC:* Dirk Balfanz; Sakimura Nat; xri@lists.oasis-open.org > *件名:* Re: [xri] Secure XRD Proposals > > Can you provide a “real world” use case? > > EHL > > > On 12/18/08 12:50 PM, "Peter Davis" <peter.davis@neustar.biz > <UrlBlockedError.aspx> > wrote: > > > > On Dec 18, 2008, at 2:47 PM, Brian Eaton wrote: > > > On Thu, Dec 18, 2008 at 11:25 AM, Peter Davis > > <peter.davis@neustar.biz <UrlBlockedError.aspx> > wrote: > >> I can see use cases for each service element being signed. > This is > >> essentially the detached signature model provided in XMLDsig. > > > > What are those use cases? > > circumstances where the relying party to the XRD needs to interact > with 'certified' providers of a given service, and establishing a > network connection to a bogus service is expensive/inefficient > (wrt > network usage), or might otherwise cause harm to either the > relying > party or the user. > > In these cases, it is not sufficient to simply sign the set of > services, as there may be several certified entities (for either > identical services or different ones), and the XRD signature > is too > broad in scope for such circumstances. > > =peterd > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS > TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]