OASIS Mailing List Archives

 



xri message



Subject: Re: [xri] xml dsig profile


Finally, I am coming back.

So, what is the status of the XRD signature argument right now?

=nat

--------------------------------------------------
From: "Peter Davis" <peter.davis@neustar.biz>
Sent: Thursday, March 05, 2009 7:05 AM
To: "Brian Eaton" <beaton@google.com>
Cc: "George Fletcher" <george.fletcher@corp.aol.com>; "=JeffH" 
<Jeff.Hodges@kingsmountain.com>; <xri@lists.oasis-open.org>
Subject: Re: [xri] xml dsig profile

> On Mar 4, 2009, at 12:44 PM, Brian Eaton wrote:
>
>> On Wed, Mar 4, 2009 at 6:54 AM, George Fletcher
>> <george.fletcher@corp.aol.com> wrote:
>>> But the need to expose these different endpoints is already a use
>>> case. I
>>> want my PoCo and ActivityStream endpoints listed in my XRD. How do
>>> they get
>>> there? Do I (the user) have to add them myself? Does the service that
>>> generates the XRD have to provide UI to the user and present them
>>> all the
>>> choices for what to add? That won't scale.
>>
>> That challenge needs to be addressed independent of any questions
>> about XML DSIG vs Simple Sign vs Magic Security Dust.
>
> Well, sort of.  It will be a challenge, I think, to concoct a
> non-XMLDsig mode of signing document portions (rather than the entire
> XML stream).  But I am not wed to signature forms, as much as I am the
> use case I described.
>
>> Once we figure out the flows involved in managing XRDs, I think we'll
>> end up at a point where each XRD for each user has either no signature
>> (for use cases where security is not critical) or one signature.
>
> Perhaps.  I have a few projects afoot which would benefit greatly from
> service-level signing by different parties.  FWIW, any use case that
> could be applied to a regulated space (eg: any US Corporation, Gov't
> agency, etc...) will likely require some form of service
> authentication (but perhaps not always at service discovery time)
>
>>
>>
>> The single signature case would work as follows:
>>
>> Actors: user, XRD host, third party
>>
>> 1) Third party gets permission to modify the XRD for the user.  That
>> could be via an OAuth approval, or something out of band.
>>
>> 2) Third party sends a message to XRD host asking to add a service
>> entry.
>>
>> 3) XRD host adds the entry, re-signs the XRD for the user.
>
> Right, this will work for many cases, but not for mine :-(
>
>> One key is all that's necessary, because the XRD for the user is *only
>> making statements about the user*.  If you want authoritative data
>> about the service, you need to go ask the service for that.
>>
>> So, yes, I see a need for service discovery and publication, no, I
>> don't see a need for a single XRD to have multiple entries signed by
>> different entities.
>
> Peter Davis: NeuStar, Inc.
> Director & Distinguished Member of the Technical Staff
> 45980 Center Oak Plaza Sterling, VA 20166
> [T] +1 571 434 5516 [E] peter.davis@neustar.biz [W] 
> http://www.neustar.biz/
>  [X] xri://@neustar*pdavis [X] xri://=peterd
> 
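The single-signature flow outlined in the quoted message (permission, request, host adds the entry and re-signs), sketched as an added example that is not part of the thread or of any XRI TC code. The element names, grant table and key are constructed, and an HMAC over the canonicalized document stands in for whichever signature form the list settles on, so that it runs on the Python standard library.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

HOST_KEY = b"constructed-demo-key"      # the XRD host's one signing key (constructed)
GRANTS = {("=alice", "poco.example")}   # step 1: approvals the host has recorded (constructed)


def _mac(xrd):
    """MAC over the canonical form of the whole document, Signature excluded."""
    body = copy.deepcopy(xrd)
    for sig in body.findall("Signature"):
        body.remove(sig)
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"), strip_text=True)
    return hmac.new(HOST_KEY, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def sign(xrd):
    """Replace any existing signature with a fresh one over the current content."""
    for sig in xrd.findall("Signature"):
        xrd.remove(sig)
    value = _mac(xrd)
    ET.SubElement(xrd, "Signature").text = value
    return xrd


def verify(xrd):
    sig = xrd.find("Signature")
    return sig is not None and hmac.compare_digest(sig.text or "", _mac(xrd))


def new_xrd(subject):
    xrd = ET.Element("XRD")
    ET.SubElement(xrd, "Subject").text = subject
    return sign(xrd)


def add_service(xrd, third_party, type_uri, endpoint):
    """Steps 2 and 3: the host checks the grant, adds the entry, re-signs."""
    if (xrd.findtext("Subject"), third_party) not in GRANTS:
        raise PermissionError(f"{third_party} may not modify this XRD")
    service = ET.SubElement(xrd, "Service")
    ET.SubElement(service, "Type").text = type_uri
    ET.SubElement(service, "URI").text = endpoint
    return sign(xrd)
```

A verifier sees exactly one signature, made by the host, no matter which third party asked for the entry; an entry changed without going through the host no longer verifies.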

