OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: The elements formerly known as TargetAuthority and TargetSubject

Talked with Drummond just now to understand this subject.

Here is the summary.

Let there be two XRDs, XRD1 and XRD2.
XRD1 delegates some functionality to XRD2 through Link relationship.

There are two steps in the trust establishment.

1. Root XRD Trust
2. Delegation

1. Root XRD Trust

The starting XRD, in this case, XRD1 MUST be signed in such a way

  Case A) : A Priori Known Trust
    The community in question knows an a priori known DSA public key value, 

  Case B) : Third Party X.509 Certificate
    In this case, XRD/ds:KeyInfo/X509Data/ must somehow related to
    <<<< This needs to be defined!

    One proposal is that CN of the certificate is a substring
    of the Subject. e.g, CN of the Certs = example.com OR
     SubjectAltName includes example.com, etc.

    <<<< In OpenID Case, especially in XRI case, this may be too weak.
     http://xri.net/ is not authoritative on http://xri.net/=sakimura.
     Perhaps we should require one of SubjectAltName match the
     XRD/Subject ?

2. Delegation

   For delegation, besides XRD2's integrity is ok as in 1. above,

  Case A) If XRD1/Link has Subject,
     XRD1/Link/Subject MUST match XRD2/Subject

  Case B) Else
     XRD1/Link/ds:KeyInfo == XRD2/ds:KeyInfo

     <<<< OR shall we just say that
        pub key in the XRD1/Link/ds:KeyInfo
        == pub key in the XRD2/ds:KeyInfo ?


From: "Drummond Reed" <drummond.reed@cordance.net>
Sent: Wednesday, July 01, 2009 1:10 PM
To: "Sakimura Nat" <n-sakimura@nri.co.jp>; "'Breno de Medeiros'" 
<breno@google.com>; "'XRI TC'" <xri@lists.oasis-open.org>
Subject: The elements formerly known as TargetAuthority and TargetSubject

> I finished the promised wiki page and posted it to:
>        http://wiki.oasis-open.org/xri/XrdOne/TrustElements
> As always, doing a full writeup of the functional definitions of the
> elements shed surprising light on both of them. In fact it led to a very
> unexpected conclusion about their respective names, which I guarantee will
> surprise you.
> Please read it over and post your thoughts -- the sooner the better, as 
> this
> is clearly an issue we must close before we are ready for a Committee 
> Draft.
> =Drummond
>> -----Original Message-----
>> From: Drummond Reed [mailto:drummond.reed@cordance.net]
>> Sent: Tuesday, June 30, 2009 12:10 PM
>> To: 'Nat Sakimura'; 'Breno de Medeiros'; 'XRI TC'
>> Subject: RE: [xri] TargetAuthority and TargetSubject
>> I had an action item from the last telecon to send a proposal wrt the
>> element name TargetAuthority too.
>> I have found that when it comes to the semantics of XML element names, it
>> is
>> best to try to derive the semantic name on the basis of a shared
>> functional
>> definitions and not the other way around.
>> I have started drafting a wiki page to do this but need to head out to a
>> series of meetings this afternoon - I'll post the page as soon as I get
>> back.
>> =Drummond

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]