Subject: Re: [xri] Summary on trust/KeyInfo issues
Scott Cantor wrote:
> This was the rough consensus I was seeking:
>
> - There's a use case for expressing keys controlled by the XRD Subject at
> some level of the XRD (perhaps top level, perhaps not). The details of the
> use case(s) need to be determined before deciding exactly what the syntax
> would be. It may be ds:KeyInfo alone, might need a wrapper or extension a la
> SAML.

In today's con-call, I think there were three types of keys to be expressed in XRD:

(1) Key of the Subject
(2) Key of the Signatory
(3) Key of the linked XRD

I have created a use case page at:
http://wiki.oasis-open.org/xri/XrdOne/KeyInfoUseCase

Please start adding use cases. John, could you add XRI resolution there?

> - The bootstrapping of trust in the signer of an initial XRD would be left
> unspecified other than to note the fact that it needs to be accomplished in
> whatever manner is acceptable to the RP.

+1

> - The mode of delegation with links or the proposed SeeAlso notion that
> includes a ds:KeyInfo represents a framework for matching the key
> information on the linker and the signer[1] of the linkee. The spec would
> include one formalization of this framework in which only X509Certificate
> and KeyValue are MTI elements, and the matching process is by key comparison
> alone. The ds:KeyInfo on the linker side would be multiply occurring.
>
> [1] Needs to be explicit...is it the signer of the linked XRD whose key is
> being expressed in the link or the *subject* of the linked XRD?

I think it should be the signer (signatory). Perhaps we can express both Key and Subject in the link, so that it will look like:

<Link>
  <rel>http://xri.net/nextauthority</rel>
  <url>http://example.com/server/endpoint</url>
  <Subject>example.com</Subject>
  <KeyInfo> ... </KeyInfo>
</Link>

> -- Scott
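Added example, not part of this thread or of any XRD implementation: the "matching by key comparison alone" framework from the quoted consensus, written out in Python. The linker's Link carries several ds:KeyInfo elements (in the xmldsig namespace; the snippet above leaves the prefix off, which is an assumption here), each holding one of the two MTI forms, X509Certificate or KeyValue; the verifier normalises every key it finds to a comparable (modulus, exponent) pair and checks whether the key that signed the linkee XRD (taken here from the signer's ds:KeyInfo, passed in as XML) appears among them. RSA keys only, the XRD element names are those of the snippet, the key values are constructed toy numbers, and the X509Certificate sample is a hand-built unsigned certificate skeleton that only serves as input to the DER walker.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # id rsaEncryption, DER encoded (tag+len+value)

# --- minimal DER helpers: the encoder only builds the sample, the decoder does the real work ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    return tlv(0x02, (b"\x00" + b) if b[0] & 0x80 else b)  # keep INTEGER positive

def der_read(buf, pos):
    """Read one TLV at pos; return (tag, value, next_pos). Handles short and long length forms."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        out.append((tag, val))
    return out

def rsa_key_from_cert(der):
    """Return (modulus, exponent) from the RSA SubjectPublicKeyInfo inside a DER certificate."""
    _, cert_body, _ = der_read(der, 0)
    _, tbs = der_children(cert_body)[0]                    # tbsCertificate is the first element
    for tag, val in der_children(tbs):
        kids = der_children(val) if tag == 0x30 else []
        alg = der_children(kids[0][1]) if kids and kids[0][0] == 0x30 else []
        if alg and alg[0] == (0x06, RSA_OID[2:]):         # SEQUENCE { AlgorithmIdentifier(rsa), BIT STRING }
            _, key_seq, _ = der_read(kids[1][1][1:], 0)   # skip the BIT STRING unused-bits octet
            (_, n), (_, e) = der_children(key_seq)        # RSAPublicKey ::= SEQUENCE { n, e }
            return int.from_bytes(n, "big"), int.from_bytes(e, "big")
    raise ValueError("no RSA SubjectPublicKeyInfo found")

# --- the matching framework: normalise both MTI forms, then compare keys and nothing else ---
def b64_int(text):
    return int.from_bytes(base64.b64decode(text), "big")

def keys_from_keyinfo(keyinfo):
    """Collect every X509Certificate and RSAKeyValue in a ds:KeyInfo as comparable (n, e) tuples."""
    keys = set()
    for cert in keyinfo.iter(DS + "X509Certificate"):
        keys.add(rsa_key_from_cert(base64.b64decode(cert.text)))
    for rsa in keyinfo.iter(DS + "RSAKeyValue"):
        keys.add((b64_int(rsa.find(DS + "Modulus").text), b64_int(rsa.find(DS + "Exponent").text)))
    return keys

def link_trusts_signer(link_xml, signer_keyinfo_xml):
    """True if any key the linker expressed in its (multiply occurring) ds:KeyInfo equals the linkee signer's key."""
    link = ET.fromstring(link_xml)
    linker_keys = set().union(*(keys_from_keyinfo(ki) for ki in link.findall(DS + "KeyInfo")))
    return bool(linker_keys & keys_from_keyinfo(ET.fromstring(signer_keyinfo_xml)))

# --- constructed sample input (toy numbers, not real keys; certificate skeleton is unsigned) ---
def b64(data):
    return base64.b64encode(data).decode()

def int_b64(v):
    return b64(v.to_bytes((v.bit_length() + 7) // 8, "big"))  # ds:CryptoBinary encoding

def build_demo_cert(n, e):
    alg = tlv(0x30, RSA_OID + tlv(0x05, b""))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + tlv(0x30, der_int(n) + der_int(e))))
    validity = tlv(0x30, tlv(0x17, b"090101000000Z") + tlv(0x17, b"100101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, der_int(2)) + der_int(1) + alg + tlv(0x30, b"") + validity + tlv(0x30, b"") + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))  # placeholder signature bits, never verified here

def keyinfo_rsa(n, e):
    return (f'<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyValue><ds:RSAKeyValue>'
            f'<ds:Modulus>{int_b64(n)}</ds:Modulus><ds:Exponent>{int_b64(e)}</ds:Exponent>'
            f'</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>')

def keyinfo_cert(n, e):
    return (f'<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
            f'<ds:X509Certificate>{b64(build_demo_cert(n, e))}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')

KEY_A, KEY_B, KEY_C = (0xC0FFEE1234567, 65537), (0xDEADBEEF00001, 65537), (0xBADC0DE99999, 65537)

def demo_link(*keyinfos):
    return ('<Link><rel>http://xri.net/nextauthority</rel><url>http://example.com/server/endpoint</url>'
            '<Subject>example.com</Subject>' + "".join(keyinfos) + '</Link>')

def demo():
    link = demo_link(keyinfo_cert(*KEY_A), keyinfo_rsa(*KEY_B))  # linker lists two keys in two forms
    return (link_trusts_signer(link, keyinfo_rsa(*KEY_A)),      # signer key A as KeyValue -> True
            link_trusts_signer(link, keyinfo_cert(*KEY_B)),     # signer key B as certificate -> True
            link_trusts_signer(link, keyinfo_rsa(*KEY_C)))      # key the linker never listed -> False

if __name__ == "__main__":
    print(demo())
```

The point the example makes for the footnote [1] discussion: because the comparison is on the key material itself, the same key matches whether the linker expressed it as an X509Certificate and the linkee's signer presented it as a KeyValue or the other way round, and nothing in the certificate (subject name, validity, chain) is consulted. That is what "key comparison alone" buys and costs: a matching key is necessary and sufficient, so the linker must be deliberate about which keys it lists.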