
Subject: Re: [xri] Identical-Priority XRD "URI" Elements...


Let me just ask one question to clearly understand what you are trying to 
achieve.

In the draft, it seems that it is the XRD provider who is requiring the 
multi-headed authn among equal priority authentication services.

The assumption is then that the user controls the XRD and he can pick
any number of Authentication Services as a group.
Then, he can require any RP to get an assertion from all the members of the
group.

Is this the correct understanding?

=nat

--------------------------------------------------
From: "David Fuelling" <david.fuelling@cordance.net>
Sent: Sunday, January 11, 2009 4:08 AM
To: <xri@lists.oasis-open.org>
Subject: [xri] Identical-Priority XRD "URI" Elements...

> Hey List,
>
> I'm looking for some guidance...
>
> I've been thinking about how to enable what I call "two-headed auth" in 
> OpenID (which is where two OP's must provide a valid assertion to an RP 
> before the RP grants access to protected resources), and have come up with 
> one particular way of doing this[1].
>
> Basically, this just overrides (clarifies?) some of the behavior of XRI 
> Resolution 2.0[2], section 4.3.3(3).  This section currently indicates 
> that a consuming 
> application which encounters multiple, identical-priority elements should 
> just pick one of these elements at random.  My "extension/clarification" 
> instead says that the consuming application SHOULD utilize both of the 
> elements in tandem (instead of just one at random).  The net effect is 
> this enables and instructs an RP to use 2 OP's to verify ownership of a 
> particular OpenID.
>
> So, I have the following questions relating to this:
>
> 1.  Is the behavior I've outlined in this message, and in my "very rough 
> draft spec"[1], acceptable per the current version of XRI Resolution? 
> (The use of the word SHOULD leads me to believe that it is).
>
> 2.  However, if the answer is "no", how big of a deal would it be to 
> loosen the language of section 4.3.3(3) to read something like this (my 
> additions are indicated between brackets []):
> "If two or more instances of the same element type have identical priority 
> attribute values (including the null value), the consuming application 
> SHOULD [either] select one of the instances at random[, or utilize all of 
> the equivalent priority elements together per the requirements of each 
> particular Service]. This consuming application SHOULD NOT simply choose 
> the first instance that appears in XML document order."
>
> Thanks for any guidance here.  I'd also be open to hearing if there's a 
> better way to do what I'm trying to do with XRD.
>
> Thanks!
>
> David
>
>
> [1] 
> http://wiki.openid.net/f/openid-provider-multiauth-extension-1_0-1.html
> [2] 
> http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.html
> 
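
The two behaviours discussed in this thread, side by side, as an added example that is not part of either message or of the XRI specification. The XRD document, the `op-*.example` endpoints and the function names are constructed for illustration, and ranking a missing `priority` after every numeric value is an assumption of this sketch.

```python
import random
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"

# Constructed sample: two URI elements tie at priority 10.
SAMPLE_XRD = """<XRD xmlns="xri://$xrd*($v*2.0)">
  <Service>
    <Type>http://specs.openid.net/auth/2.0/signon</Type>
    <URI priority="10">https://op-a.example/auth</URI>
    <URI priority="10">https://op-b.example/auth</URI>
    <URI priority="20">https://op-c.example/auth</URI>
    <URI>https://op-d.example/auth</URI>
  </Service>
</XRD>"""

def top_priority_uris(xrd_xml):
    """Return every URI tied for the highest priority (lowest number)."""
    root = ET.fromstring(xrd_xml)
    ranked = []
    for el in root.iter(XRD_NS + "URI"):
        raw = el.get("priority")
        # Assumption: a missing priority sorts after every numeric value.
        rank = float("inf") if raw is None else int(raw)
        ranked.append((rank, (el.text or "").strip()))
    if not ranked:
        return []
    best = min(rank for rank, _ in ranked)
    return [uri for rank, uri in ranked if rank == best]

def select_one(xrd_xml, rng=random):
    """Current 4.3.3(3) wording: pick one of the tied elements at random."""
    tied = top_priority_uris(xrd_xml)
    return rng.choice(tied) if tied else None

def require_all(xrd_xml, asserted_by):
    """Proposed reading: every tied OP must have produced a valid assertion.

    asserted_by is the set of OP endpoints whose assertions the RP has
    already verified. Returns (granted, endpoints_still_missing).
    """
    tied = top_priority_uris(xrd_xml)
    missing = [u for u in tied if u not in asserted_by]
    return bool(tied) and not missing, missing
```

An RP that implements only `select_one` accepts a single OP's assertion, so the two-OP requirement holds only at RPs that implement the `require_all` behaviour.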

