Subject: Re: [xri] Summary on trust/KeyInfo issues




Scott Cantor wrote:
> This was the rough consensus I was seeking:
>
> - There's a use case for expressing keys controlled by the XRD Subject at
> some level of the XRD (perhaps top level, perhaps not). The details of the
> use case(s) need to be determined before deciding exactly what the syntax
> would be. It may be ds:KeyInfo alone, might need a wrapper or extension a la
> SAML needed.
>    
In today's con-call, I think there were three types of keys to be 
expressed in XRD.

(1) Key of the Subject
(2) Key of the Signatory
(3) Key of the linked XRD.

I have created a use case page at:

http://wiki.oasis-open.org/xri/XrdOne/KeyInfoUseCase

Please start adding use cases.
John, could you add XRI resolution there?

> - The bootstrapping of trust in the signer of an initial XRD would be left
> unspecified other than to note the fact that it needs to be accomplished in
> whatever manner is acceptable to the RP.
>    
+1
> - The mode of delegation with links or the proposed SeeAlso notion that
> includes a ds:KeyInfo represents a framework for matching the key
> information on the linker and the signer[1] of the linkee. The spec would
> include one formalization of this framework in which only X509Certificate
> and KeyValue are MTI elements, and the matching process is by key comparison
> alone. The ds:KeyInfo on the linker side would be multiply occurring.
>
> [1] Needs to be explicit...is it the signer of the linked XRD whose key is
> being expressed in the link or the *subject* of the linked XRD?
>    
I think it should be the signer (signatory).
Perhaps we can express both Key and Subject in the link, so that it will 
look like:

<Link>
  <rel>http://xri.net/nextauthority</rel>
  <url>http://example.com/server/endpoint</url>
  <Subject>example.com</Subject>
  <KeyInfo>
    ...
  </KeyInfo>
</Link>
> -- Scott
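The third bullet above describes a matching framework: the linker's Link carries one or more ds:KeyInfo elements, only X509Certificate and KeyValue are mandatory to implement, and a linked XRD is accepted when the key that signed it compares equal to one of those entries. The following is an added example of that comparison step, written for this archive page; it is not code from the thread, from the XRI TC, or from any XRD implementation. It uses the draft Link syntax from the reply (rel, url, Subject as child elements) and assumes KeyInfo lives in the XML Signature namespace; the XRD, the certificate bytes and the RSA values are constructed placeholders. Certificates are compared as whole DER blobs rather than by the public key inside them, which is a simplification: a real implementation would extract the SubjectPublicKeyInfo so that a KeyValue on one side can match a certificate on the other.

```python
import base64
import xml.etree.ElementTree as ET

# XML Signature namespace. The draft syntax in the thread leaves KeyInfo
# unprefixed, so placing it in the ds namespace is an assumption here.
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed placeholder, not a real DER certificate.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()

# Constructed linker XRD in the draft Link syntax from the message, with
# multiply-occurring KeyInfo: one RSA KeyValue and one X509Certificate.
LINKER_XRD = f"""<XRD xmlns:ds="{DS}">
  <Link>
    <rel>http://xri.net/nextauthority</rel>
    <url>http://example.com/server/endpoint</url>
    <Subject>example.com</Subject>
    <ds:KeyInfo>
      <ds:KeyValue><ds:RSAKeyValue>
        <ds:Modulus>ANN/QhF3</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
      </ds:RSAKeyValue></ds:KeyValue>
    </ds:KeyInfo>
    <ds:KeyInfo>
      <ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo>
  </Link>
</XRD>"""

# Constructed ds:KeyInfo blocks as they might appear in the linked XRD's signature.
SIGNER_RSA_SAME = f"""<ds:KeyInfo xmlns:ds="{DS}"><ds:KeyValue><ds:RSAKeyValue>
  <ds:Modulus>ANN/
    QhF3</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>"""
SIGNER_RSA_OTHER = f"""<ds:KeyInfo xmlns:ds="{DS}"><ds:KeyValue><ds:RSAKeyValue>
  <ds:Modulus>ANN/QhF3</ds:Modulus><ds:Exponent>Aw==</ds:Exponent>
</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>"""
SIGNER_KEYNAME_ONLY = f"""<ds:KeyInfo xmlns:ds="{DS}"><ds:KeyName>example.com</ds:KeyName></ds:KeyInfo>"""
SIGNER_CERT = f"""<ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
  <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"""


def _b64(text):
    """Decode XML base64 content, tolerating the line breaks signers insert."""
    return base64.b64decode("".join(text.split()), validate=True)


def key_identity(keyinfo):
    """Reduce a ds:KeyInfo to a comparable identity.

    Only the two MTI forms are understood: an RSA KeyValue becomes
    ("rsa", modulus, exponent) and an X509Certificate becomes ("x509", der).
    Anything else (KeyName, RetrievalMethod, ...) yields None and can never
    match, so trust is only ever established on key material.
    """
    rsa = keyinfo.find("ds:KeyValue/ds:RSAKeyValue", NS)
    if rsa is not None:
        n = int.from_bytes(_b64(rsa.findtext("ds:Modulus", "", NS)), "big")
        e = int.from_bytes(_b64(rsa.findtext("ds:Exponent", "", NS)), "big")
        return ("rsa", n, e)
    cert = keyinfo.findtext("ds:X509Data/ds:X509Certificate", None, NS)
    if cert is not None:
        return ("x509", _b64(cert))
    return None


def linker_keys(xrd_xml, rel):
    """Collect the comparable key identities from the Link with the given rel."""
    root = ET.fromstring(xrd_xml)
    for link in root.iter("Link"):
        if link.findtext("rel") == rel:
            ids = [key_identity(k) for k in link.findall("ds:KeyInfo", NS)]
            return [i for i in ids if i is not None]
    return []


def linkee_signer_matches(linker_ids, signer_keyinfo_xml):
    """True only if the linkee's signing key equals one of the linker's keys."""
    signer = key_identity(ET.fromstring(signer_keyinfo_xml))
    return signer is not None and signer in linker_ids


if __name__ == "__main__":
    ids = linker_keys(LINKER_XRD, "http://xri.net/nextauthority")
    for name, ki in [("same RSA key", SIGNER_RSA_SAME), ("other exponent", SIGNER_RSA_OTHER),
                     ("KeyName only", SIGNER_KEYNAME_ONLY), ("same certificate", SIGNER_CERT)]:
        print(f"{name}: {'match' if linkee_signer_matches(ids, ki) else 'no match'}")
```

The KeyName-only case is the one worth noticing: because it is not MTI and carries no key material, it can never satisfy the comparison, which is exactly the point of limiting the formalization to X509Certificate and KeyValue. A verifier would run this check after validating the linkee's signature, so the match answers "was it signed by the key the linker vouched for", not merely "is the signature well-formed".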

