[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] xml dsig profile
Hi Gabe, This has concerned me as well. In the initial use case for XRD discovery via URI Eran and others are making the assumption that the signature checking is done on the original byte stream before XML processing. The only problem with this is that you need to process the XML to find the location of the detached sig. But keeping the original octet string around is not a huge problem in most cases. For XRI where we want to construct an XRDS it is more on an issue. We have discussed base64 encoding the XRD octet string so that it can be included as an element of the XRDS. I don't think we have reached a conclusion on how best to do that with an XRDS. Questions like do you have both the encoded and decoded version in the XRDS still are outstanding. Interestingly enough I suspect that the XRDS form may be needed for URI as well if a resolver is walking a chain of URI identifiers following delegations looking for a service. I am perhaps the only one thinking that though. We talked about it on the call Thursday. Think of URI as one subsegment XRI. If the form of the XRD allows delegation/refs/redirects etc even though you start with a single subsegment you may traverse some number of XRDs to find the service/relationship that you are looking for. This also means that any URI that has a XRI authority service in its XRD could be a valid subsegment. A common case might be: $(boeing.com)*jbradley Using the URI as the first subsegment via a cross ref make sense. What URIs mean as other subsegments other than opaque cross-references I don't know. =jbradley On 8-Feb-09, at 4:46 PM, Gabe Wachob wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]