[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-01-22
Following are the minutes of the unofficial telecon of the XRI TC at: Date: Thursday, 22 January 2009 USA Time: 2:00PM - 3:00PM Pacific Time (22:00-23:00 UTC) ATTENDING Dirk Balfanz Breno de Medeiros Brian Eaton John Bradley Markus Sabadello Tatsuki Sakushima Drummond Reed Peter Davis Nat Sakimura Bob Morgan REGRETS Nick Nicholas AGENDA 1) DNS DISCOVERY http://wiki.oasis-open.org/xri/XrdOne/DNSResolution Peter reported he hasn't made further
progress on paper yet his thinking has progressed and he is getting closer to
the writing stage. 2) XRD 1.0 SCHEMA Eran was sick and not able to attend. He hopes to post the XRD schema
draft as soon as he's feeling better. 3) XRD 1.0 - SIMPLESIGN INLINE PROPOSAL http://lists.oasis-open.org/archives/xri/200901/msg00104.html
http://wiki.oasis-open.org/xri/XrdOne/SimpleSign
Nat's first question about this proposal was
whether the base64 payload should be in an attribute or in a child element. He
said NRI is checking into this but asked if anyone else has experience with it. Nat also noted that SAML SimpleSign chose
to sign over the decoded version of the base64 rather than the encoded version,
because different libraries handle the base64 encoding differently. Peter and
Bob noted that we should check directly with the authors, Scott Cantor and Jeff
Hodges. However Brian noted that one of the best
advantages of not using XML dSig is that the same code can be reused for any
way we're signing the blob. He suggested thinking about it this way: there is
more than one way to encode a base64 bitstream, but they all decode to the same
thing. Therefore he prefers signing the decoded version. There was concensus that this was the best
approach. # NAT will update the wiki page to reflect
this, note any other open issues, and then ping the list to advance discussion. 4) XRD 1.0 - NON-X.509 PUBLIC KEY http://lists.oasis-open.org/archives/xri/200901/msg00105.html Nat said this proposal was very nascent -
he just wrote up his notes and sent them to the list. John replied that he had
worked on an XDI implementation that used non-X.509 public keys and that this
capability could be very useful. Bob explained that SAML had cases where
they could use a key without a cert (in SAML metadata, the metadata is playing largely
the same role as the cert). However they ended out using certs because most
libraries did not know how to handle just "plain-old keys", yet they
do understand the X.509 format. Drummond suggested using an external label
to describe the cert that would establish different semantics about the use of
the cert elements. Nat asked if John would look over the
SimpleSign proposal with an eye to whether it would fulfill the non-X.509 use
case. Nat also explained the concept behind the SubjectID
proposal -- being able to create a unique identifier/key pair for each
relationship the user instantiates. John pointed out that in OpenID, this
"relationship identifier" is the responsibility of the OpenID Provider
(OP). Nat said that OpenID conflates the two roles of discovery and authentication
providers and that if you break it apart, the relationship identifier
assignment is a discovery provider function. We agreed on the following next steps: # NAT to post a wiki page on this writeup. # JOHN AND DRUMMOND to review that page once
it is up and provide feedback about how it compares to PPIDs. # ANY TC MEMBER please post further
feedback on use cases for non-X.509 public keys. 5) XRI 3.0 - SYNTAX Drummond reported that it will be at least another week (and probably
two) before he can do a first draft in OASIS template format. However there are
currently no blocking issues to Working Drafts of that and the two binding
specs. Nick Nicholas has promised to help with the info: binding. John mentioned that one thing that XRI 3.0
Resolution will need to cover is how CanonicalID verification and trust will
work on top of XRD 1.0. Drummond noted that the term "proxy"
may not actually apply to the way that XRI 3.0 resolution works now that XRIs
have URI bindings. John said that any application that only knows about XRD
ought to be able to take an XRI that's bound to a URI root and be able to get
back an appropriate XRD on which it can do trust validation like any other XRD. What will be different is that XRI servers will include a redirect
functionality that will typically not exist for normal XRDs. This will have to
be addressed in terms of backwards compatability. 6) NEXT CALL & SELF-SERVE AGENDA PAGE To cut down overhead and increase call productivity, we will begin
using a self-serve agenda page for our Tuesday calls. The page is posted at: http://wiki.oasis-open.org/xri/SelfServeAgenda The rule is: first come first served for
listing issues for discussion. If no issues are pressing enough to be posted
that week, then we won't hold the Tuesday call. Thursday calls will continue to have a
"managed agenda" so they provide a constant weekly sync point. # DRUMMOND to extend XRI and XDI TC call
dates in the OASIS calendar. Drummond also noted that he will not be
able to attend next Thursday's telecon due to travel. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]