Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-02-05

["Drummond Reed" <drummond.reed@cordance.net>]

Following are the minutes of the unofficial telecon of the XRI TC at:

Date:  Thursday, 05 February 2009 USA
Time:  2:00PM - 3:00PM Pacific Time (22:00-23:00 UTC)

ATTENDING

Markus Sabadello
John Bradley
Nick Nicholas
Drummond Reed
Peter Davis
Brian Eaton
Tatsuki Sakushima
Eran Hammer-Lahav


REGRETS

Nat Sakimura


AGENDA

1) DNS DISCOVERY UPDATE

Peter and Brian have been having a conversation about the DNS trust profile.
The thread starts here:

	http://lists.oasis-open.org/archives/xri/200902/msg00016.html

The DNS Authority Trust Profile is here:

	http://wiki.oasis-open.org/xri/XrdOne/TrustProfileDNSAuthority  

Brian said that in the HTTP authority trust profile, you "know what you are
looking for before you leave home". In the DNS trust profile, he feels that
the first step is asking "someone else" for the binding between the
identifier that you start with, and that introduces the trust issue. Brian
feels that the XRD that's returned must have a signed statement that it is
about the identifier about which you performed discovery. This
"resource-name-to-document-binding" should be something you can verify by a
signature on the document.

He said there is an explicit requirement that you should be able to follow
any number of intermediate redirects and at the point when you finally
obtain a discovery document, that's when you can verify the document is
authoritative to the resource name (identifier) that you started with.

Drummond summarized that was the issue he was discussing with Brian in email
in December. XRI has long had the use case that you need to be able to start
with identifier A, discovery identifier B (with XRD B), identifier C (with
XRD C), and so on, until you end out with XRD X that says it describes
identifier X. By verifying each step in the process, you verify that
identifier A and identifier X are synonyms for the same resource.

John pointed out that with URIs, the ability to have synonyms may be
constrained by the host that has the signing certificate.

The action items were:

# PETER will review Brian's HTTP Authority Trust Profile and add points to
his DNS trust profile to harmonize them.


2) XRD 1.0 - CONTEXT URI DISCUSSION

Eran explained that the HTTP Resource Descriptor Discovery (HRDD) spec is
about obtaining the descriptor for the resource identified by a URI.
Although HTTP is the protocol described for obtain the XRD, it doesn't
matter how many redirects may be involved. Also, the HTTP response code from
a link header is not relevant - only the link header itself.

Eran also explained that a chain of URIs may delegate to each other, and a
set of XRDs that delegate to each other (an XRD may delegate all of itself -
or just a link - to another XRD). This is where trust comes in.

Eran explain that the HRDD spec cannot do anything else because /host-meta
(formerly /site-meta) and link elements cannot deal with redirects or return
codes. All three mechanisms must be parallel; all three can only accept one
URI and give you the XRD associated with it.

Thus any response code, other than the final 200 when obtaining a valid XRD,
are out-of-scope. (Eran described HTTP 300 response codes and the fact that
they can return multiple URIs. This can be used for what is called
"transparent content negotiation".)

So Eran is updating the HRDD draft to reflect this new separation between
URIs resolution and XRDs. 

# ERAN is working out to push this new HRDD draft. The new /host-meta draft
is ready and going through checks. A new Link Header draft is also part of
this package.


3) XRD 1.0 - OTHER DISCOVERY/SCHEMA ISSUES

Eran has been focused mostly on discovery so the schema work is lagging. 

# ERAN will post an summary of the schema to the mailing list. (DONE)


4) NEXT CALL & SELF-SERVE AGENDA PAGE

A reminder to use the self-serve agenda page for next Tuesday's call:

	http://wiki.oasis-open.org/xri/SelfServeAgenda