Subject: RE: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-07-16

Markus Sabadello wrote on 2009-07-20:
> I assume that the "ds:KeyInfo at the XRD level" idea will be the mechanism
> of choice for XRI-based applications such as XDI messaging.
> I.e. when =markus sends a signed XDI message to =drummond, the signature can
> be verified by discovering =markus' key from his XRD.

If you want to use a signed XRD as the moral equivalent of a certificate, then yeah, that's pretty much the issue.

> From an XRI perspective I think it makes total sense to have the "key info
> of the XRD Subject" at the XRD level.

Spec-wise, what's needed is a determination as to the scope of use cases to meet. In SAML metadata, the delta between "KeyInfo" and what was specified was the ability to have multiple keys (easily met by making KeyInfo unbounded), to delineate specific keys for the purposes of signing (incl. TLS) and encryption, and to add some fairly non-well-thought-out bits for encryption algorithm support.

The delta here may be less, the same, or more. I'm not really equipped to answer that.

Something SAML should have done but didn't is make the KeyDescriptor wrapper more extensible. Having something to use later and just leave relatively empty for now is probably the best compromise.

-- Scott