Re: [xri] XRD: Separating resource descriptions from authority

[John Bradley <jbradley@mac.com>]

--Apple-Mail-216--785924352
Content-Type: multipart/alternative;
	boundary=Apple-Mail-215--785924555


--Apple-Mail-215--785924555
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

I have always thought about an XRD as being about an entity.

That entity has one identity that is canonical and may have any number  
of aliases that resolve to meta data about the entity.

In XRI entities are "non-information resources", in the XRD spec  
things are complicated in that the meta-data may be associated with a  
"information resource" or "non-information resource".

The entity described by the XRD may have any number of "relationships"  
to services.

All of the statements in an XRD are considered self asserted by the  
cannonicalID entity.

The validity of the alias otherwise known as equivid are verified by  
resolving them and assuring yourself they resolve to the same verified  
cannionicalID.

For Services/relationsips we have the LocalID element.  This indicates  
that the XRD entity is asserting that that the entity referd to by  
that relationship know it by somme other identifier indicated by the  
LocalID element.
This is how openID delegation works currently.

As a service/relationship currently only has one LocalID element I  
would say that if you have multiple URI elements in a service/ 
relationship they need to refer to the same target entity.

If you have multiple relationships for the same type of service they  
should each be separate service/relationship elements.

=jbradley


On 27-Jan-09, at 8:44 AM, Nat Sakimura wrote:

>
>
> --------------------------------------------------
> From: "Dirk Balfanz" <balfanz@google.com>
> Sent: Tuesday, January 27, 2009 1:14 PM
> To: "Eran Hammer-Lahav" <eran@hueniverse.com>
> Cc: <xri@lists.oasis-open.org>
> Subject: Re: [xri] XRD: Separating resource descriptions from  
> authority
>
>> On Mon, Jan 26, 2009 at 7:51 PM, Eran Hammer-Lahav <eran@hueniverse.com 
>> > wrote:
>>>> > The CanonicalID seems to be used exclusively for trust, which  
>>>> makes me
>>>> > wonder if we shouldn't add a separate trust element that is  
>>>> about the > XRD
>>>> > and not about the resource. One such idea looks like this:
>>>>
>>>> To be honest, I'm not quite sure what the difference of <About> and
>>>> <CanonicalID> is, but then I've only thought about this in the  
>>>> context
>>>> of OpenID discovery. If you give us <About>, I don't think we need
>>>> <CanonicalID>, at least not for OpenID discovery :-)
>>>
>>> You can have a single <CanonicalID> but many <About>s.
>>
>> Ah, but only if the answer to one of your other questions is that one
>> XRD can be about multiple resources, right?
>>
>
> No. It is the case of one resource with multiple uri.
>
> =nat
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


--Apple-Mail-215--785924555
Content-Type: text/html;
	charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">I have always thought about an =
XRD as being about an entity.<div><br></div><div>That entity has one =
identity that is&nbsp;canonical&nbsp;and may have any number of aliases =
that resolve to meta data about the entity.</div><div><br></div><div>In =
XRI entities are "non-information resources", in the XRD spec things are =
complicated in that the meta-data may be associated with a "information =
resource" or "non-information resource".</div><div><br></div><div>The =
entity described by the XRD may have any number of "relationships" to =
services.</div><div><br></div><div>All of the statements in an XRD =
are&nbsp;considered&nbsp;self asserted by the cannonicalID =
entity.</div><div><br></div><div>The validity of the alias otherwise =
known as equivid are verified by resolving them and assuring yourself =
they resolve to the same verified =
cannionicalID.</div><div><br></div><div>For Services/relationsips we =
have the LocalID element. &nbsp;This indicates that the XRD entity is =
asserting that that the entity referd to by =
that&nbsp;relationship&nbsp;know it by somme other identifier indicated =
by the LocalID element.</div><div>This is how openID delegation works =
currently.</div><div><br></div><div>As a =
service/relationship&nbsp;currently only has one LocalID element I would =
say that if you have multiple URI elements in a =
service/relationship&nbsp;they need to refer to the same target =
entity.</div><div><br></div><div>If you have multiple relationships for =
the same type of service they should each be separate =
service/relationship =
elements.</div><div><br></div><div>=3Djbradley</div><div><br></div><div><b=
r><div><div>On 27-Jan-09, at 8:44 AM, Nat Sakimura wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote =
type=3D"cite"><div><br><br>-----------------------------------------------=
---<br>From: "Dirk Balfanz" &lt;<a =
href=3D"mailto:balfanz@google.com";>balfanz@google.com</a>><br>Sent: =
Tuesday, January 27, 2009 1:14 PM<br>To: "Eran Hammer-Lahav" &lt;<a =
href=3D"mailto:eran@hueniverse.com";>eran@hueniverse.com</a>><br>Cc: =
&lt;<a =
href=3D"mailto:xri@lists.oasis-open.org";>xri@lists.oasis-open.org</a>><br>=
Subject: Re: [xri] XRD: Separating resource descriptions from =
authority<br><br><blockquote type=3D"cite">On Mon, Jan 26, 2009 at 7:51 =
PM, Eran Hammer-Lahav &lt;<a =
href=3D"mailto:eran@hueniverse.com";>eran@hueniverse.com</a>> =
wrote:<br></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">> The CanonicalID seems to be =
used exclusively for trust, which makes =
me<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">> =
wonder if we shouldn't add a separate trust element that is about the > =
XRD<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">> and =
not about the resource. One such idea looks like =
this:<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">To be =
honest, I'm not quite sure what the difference of &lt;About> =
and<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">&lt;CanonicalID> is, but then I've only thought about this =
in the context<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">of =
OpenID discovery. If you give us &lt;About>, I don't think we =
need<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">&lt;CanonicalID>, at least not for OpenID discovery =
:-)<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">You can have a single =
&lt;CanonicalID> but many =
&lt;About>s.<br></blockquote></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">Ah, but only if =
the answer to one of your other questions is that =
one<br></blockquote><blockquote type=3D"cite">XRD can be about multiple =
resources, right?<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><br>No. It is the case of one resource =
with multiple uri.<br><br>=3Dnat =
<br><br>------------------------------------------------------------------=
---<br>To unsubscribe from this mail list, you must leave the OASIS TC =
that<br>generates this mail. &nbsp;Follow this link to all your TCs in =
OASIS at:<br><a =
href=3D"https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups=
.php">https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.p=
hp</a> <br></div></blockquote></div><br></div></body></html>=

--Apple-Mail-215--785924555--

--Apple-Mail-216--785924352
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGrzCCAz8w
ggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcx
KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0
ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxA
dGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpB
MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg
UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
xKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7d
yfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDow
OKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3Js
MAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgw
DQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A
9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYI
Tq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8wggNoMIIC0aADAgECAhAd94+bIYviuSaQ
w/qU/yWPMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29u
c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNz
dWluZyBDQTAeFw0wODEyMTIwMTU0MzFaFw0wOTEyMTIwMTU0MzFaMIGfMR8wHQYDVQQDExZUaGF3
dGUgRnJlZW1haWwgTWVtYmVyMR8wHQYJKoZIhvcNAQkBFhBqYnJhZGxleUBtYWMuY29tMR4wHAYJ
KoZIhvcNAQkBFg9qYnJhZGxleUBtZS5jb20xHTAbBgkqhkiG9w0BCQEWDnZlN2p0YkBtYWMuY29t
MRwwGgYJKoZIhvcNAQkBFg12ZTdqdGJAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxB2GGbZ5p8mVtg16CSDXeF8F3D+5sbs8L4b/YrHt/BvtQdE8GY202cUko/b/rXTUA0JC
XZRDrOiH7ZxcqI4alJNel9AcSLepcdHN4+t2zhvWilm+YF0/r6m/1PikkVT9TWic61IZMpNWIUkk
A+MWzEjChYPefdSMhxikhhMFZ0sv2qPE9pmdaPtD2uF4MwKnIzdZYo+X7rWoaXHIdsZwZDU3HdR5
rVuK5s9xvRED7TZgwE1/yHzHnTbedUWPdNNUlL24Jp3iiVzjZan8zOCn6x4b8O1QPN5b/FOZrerq
FDZ2zhIBsWEcKdIxqIqPdVkrYvEfGBLMe1QIORu0J56L/QIDAQABo10wWzBLBgNVHREERDBCgRBq
YnJhZGxleUBtYWMuY29tgQ9qYnJhZGxleUBtZS5jb22BDnZlN2p0YkBtYWMuY29tgQ12ZTdqdGJA
bWUuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEADhjvX5w/BXN7OL5y1ZfydfmJ
RKezNqugUDf8XbKmmMR/o+vjx395pBpO9QF8hQwtKNDuvoxLTNDMWdcCNbvaEpqREXc7liV9FfA5
ndAB1VgDqYDjY9M9LU54LH8uqEx7+pX6qa6KoR8eRHby9zi+iuSkJ4GLI59RBnVI54x4/acxggMQ
MIIDDAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQHfeP
myGL4rkmkMP6lP8ljzAJBgUrDgMCGgUAoIIBbzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0wOTAxMjcxNTU3MTBaMCMGCSqGSIb3DQEJBDEWBBT+odvs/rRSIkOfZSD9
BnOT7bBWlzCBhQYJKwYBBAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl
IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls
IElzc3VpbmcgQ0ECEB33j5shi+K5JpDD+pT/JY8wgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMj
VGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEB33j5shi+K5JpDD+pT/JY8wDQYJ
KoZIhvcNAQEBBQAEggEAT+UhN8LA8zP48SXHqdamA6SL2S5Z13av6DbfAjwRHnBnuNi/3y44nKCW
12jX7rXsiYXWGDIP2Nmyy61x9I9t3OyPeTH1rD1QGlHQmeqb33B2Qq5xU00b+tNq1sbcfxhmsGsV
i3D0ikgLYMevqeTAv5ivRavHjR5QE6MUbmJ6fpD0gj4ppemg5c4MqNeSTyZK4IE1LbcUa1hZSCQp
GKQWy77lT9L2n45Pt87OlD+BA7SGbG5UCh41O9XiksgoMdqYF3wb5TiR13CZBE5F14ST8OMVzb1M
chIqYXkTIRR0D8EjqXtFty8Flng2gAnh0q1KOAuqNT6yhavd0ZuThZ8aUwAAAAAAAA==

--Apple-Mail-216--785924352--