OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-01-08

Following are the minutes of the unofficial telecon of the XRI TC at:

Date:  Thursday, 08 January 2009 USA
Time:  2:00PM - 3:00PM Pacific Time (22:00-23:00 UTC)

ATTENDING

George Fletcher
Peter Davis
Markus Sabadello
John Bradley
Drummond Reed
Brian Eaton 
Eran Hammer-Lahav 
Breno de Medeiros
Tatsuki Sakushima

REGRETS

Nat Sakimura
Bob Morgan

# = action item


AGENDA

1) GENERIC HTTP DISCOVERY DRAFT

Eran posted the first draft last night via email to:

	http://lists.oasis-open.org/archives/xri/200901/msg00027.html

He explained that it is intended to be very generic and probably will
ultimately be referenced by the XRD 1.0 spec. He is looking for feedback on
this draft as early as possible as he plans to put another draft out as
early as tomorrow.

# ALL TC MEMBERS - Please send Eran comments directly ASAP.


2) XRD 1.0 - DNS VS. HTTP AUTHORITY ISSUE

We discussed the issue raised by Eran on Wednesday:

	http://lists.oasis-open.org/archives/xri/200901/msg00021.html

Per the discussion on the list, there are two core issues.

	a) Separation of DNS and HTTP authority and proper reflection in the
workflow of which should be authoritative for what URIs.
	b) Whether what we are creating should be a "framework" that can be
bound to different protocols (e.g., HTTP and DNS), or whether what we are
creating should be a "pattern" that, once established for HTTP, can also be
emulated in other protocols like DNS.

Another way to frame the issue is to ask, "Are we defining a discovery
protocol for all URIs or just http: URIs? Or just URIs with have an
authority component?"

Peter spoke in favor of the framework approach, saying that it would make it
easier for XRD 1.0 to be adopted by protocols such as XMPP that do not use
http: URIs and may not involve any HTTP stack. It would also help XRD
discovery be scheme-independent, rather than making it dependent on each URI
scheme.

Brian asked - what are the use cases for making HTTP authoritative for
non-http: URIs? The most commonly cited example is using mailto: URIs as
OpenID identifiers. There are a number of ways being discussed for how this
could work. One of them is to only use the domain portion of the address,
however this means discovery could proceed via either DNS or HTTP.

Peter also pointed out that using DDDS, DNS has the capability of performing
the transform on any input URI, so it could answer requests for both http:
and mailto: URIs, for example.

We returned to issue (a) - the issue of authority of DNS vs HTTP. Eran
explained that there is no dispute that http: URIs can go immediately to
HTTP for discovery. The question is whether non-HTTP URIs should use DNS
first. He explained that of the three discovery mechanisms in his proposed
draft (Link-Element, Link-Header, and /site-meta), only Link-Header is
specific to HTTP. Link-Element and /site-meta can be used via all protocols.

Eran expects that the most common deployment of XRD discovery will be a
/site-meta file in a well-known location (WKL). There was a consensus that
although WKLs are generally to be avoided, for this particular problem it is
probably the best practical solution, particularly if there is a strong
argument it can be "the last WKL needed" since everything else can register
there.

However if we are to follow the general precedent that "any place higher in
the Internet hierarchy can speak for anything lower in the hierarchy", then
DNS should be checked first for any form of URI other than an http: URI --
only with the latter can it be assumed that HTTP is authoritative.

John suggested that perhaps http: URIs should /site-meta via HTTP first,
then DNS if that fails, while other URIs should try DNS first and NOT try
HTTP if DNS fails.

Eran's objection was that for an http: URI, this would require two calls to
determine that a site does not support discovery, vs. only one under his
proposal.

So the final proposal discussed was:

	a) http: URIs wills use the 3 discovery methods proposed in Eran's
draft. If these fail, discovery SHOULD fail.
	b) For non-http: URIs, discovery MUST start with DNS, and if it
fails, discovery MUST fail (at least according to the published protocol -
if an application choses to still try HTTP, we can't stop it).

There was general consensus that failure in the latter case was an authority
issue, not a security issue, although John brought up some cases in which it
might become a security issue.

We briefly discussed the relationship between Eran's HTTP-based discovery
proposal and Peter's DNS-based discovery proposal. They agreed the two are
orthogonal, i.e., they are two different discovery protocols that both start
from a URI and end out with a metadata document. Figuring out the ultimate
relationship of the two can be deferred for the time being.

Next steps:

# ERAN will process feedback on the proposal by tomorrow morning hopes to
get out a second draft quickly.
# PETER will continue to update the DNS discovery protocol draft and will
publish the DNS trust profile.


3) XRD 1.0 - SEPARATION OF SIGNING MECHANISMS AND TRUST PROFILES

We ran out of time to discuss Brian's proposal at:

	http://lists.oasis-open.org/archives/xri/200901/msg00003.html 

However there appears to be consensus that we can separate signing
mechanisms and trust profiles as long as we can show it works. The next
steps are:

# NAT to draft a trust profile for OpenID CX.
# PETER to draft a trust profile for DNS discovery.
# BRIAN to propose first draft text for this portion of the spec (that
explains this separation, specifies the signing mechanisms, and specifies
the requirements that each trust profile must meet - assuming trust profiles
go in separate sections or even separate specs).


4) EDITOR'S TELECON WITH TC ADMINISTRATOR MARY MCRAE

We agreed to hold a special telecon next Monday 1/12 from 2-2:30PM PT
between Mary and all XRI and XDI TC editors who want to get her guidance and
advice RE drafting OASIS-compliant specs most efficiently.

# DRUMMOND to schedule this with Mary.
# ALL EDITORS to send in any specific questions to Drummond or the list by
FRIDAY 1/10.
# DRUMMOND to compile the questions on
http://wiki.oasis-open.org/xri/InfoForEditors by the end of Friday and send
a link to Mary. 


5) SPECIAL TOPIC TELECON - CLOSURE ON XRI 3.0 SYNTAX PROPOSALS

An early draft of the XDI RDF Graph Model spec was posted to the XDI TC
wiki. Drummond has reviewed this extensively with Nick Nicholas so we should
be in a position to complete an analysis of the requirements it presents
that motivate the GCS Delimiter and Xref Delimiter proposals.

	http://wiki.oasis-open.org/xdi/XdiOne/RdfGraphModel
	http://wiki.oasis-open.org/xri/XriThree/GcsDelimiter
	http://wiki.oasis-open.org/xri/XriThree/XrefDelimiter 

# DRUMMOND to schedule a special telecon for 2-3PM PT (22:00-23:00 UTC) next
TUESDAY JANUARY 13.


6) CALL SCHEDULE AND NEXT CALL

We agreed to continue the current Tuesday/Thursday calls so we have
scheduled times at which to work through key issues -- this is important to
finish this spec cycle as soon as possible. We will try to minimize call
overhead and devote maximimum time to issues resolution. All editors and TC
members working issues are urged to submit them to Drummond/Peter by noon on
Mondays and Wednesdays for inclusion on the agenda of the next call.

Next call Thursday 2-3PM PT (22:00-23:00 UTC).

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]