Summing up the discussion, current xrd proposal is looking like this.(Am I right?)
<xrd> <Subject set="beginswith">...</Subject> <Alias>...</Alias> <KeyDescriptor use="*"> <ds:KeyInfo> ... </ds:KeyInfo> </KeyDescriptor> <ds:Signature> <ds:KeyInfo> ... </ds:KeyInfo> </ds:Signature> <link> <rel>...</rel> <uri>...</uri> <Subject>...</Subject> <ds:KeyInfo> ... </ds:KeyInfo> </link> </xrd>
Description
xrd/Subject : Type=URI. Subject Identifier or portion of Subject Identifier. CanonicalID in XRDS.
xrd/Subject/@set : (Option) Can specify “beginswith” to signify that the URI is only partial and beginswith the string.
xrd/Alias: Alias URI for the Subject.
xrd/KeyDescriptor: Wrapper element for ds:KeyInfo for the Subject.
xrd/KeyDescriptor/@use : Specify the usage of the KeyInfo, e.g., Signature, Encription, etc.
xrd/ds:Signature: Expresses the Signatory and the Signature over this XRD.
xrd/link: Shows the relationship that this Subject perceives against other subject.
xrd/link/Subjct: the Subject of the linked XRD.
xrd/link/ds:KeyInfo: has the public key of the Subject of the linked XRD. The linked XRD will be signed by the private key that corresponds to this public key, users can verify that the link is actually an inteded one.
Discussion Points
- Do we really need KeyDescriptor?
- Do we really need xrd/link/Subject? Would not xrd/link/uri suffice?
Scott Cantor wrote:
Nat Sakimura wrote on 2009-07-17:
In today's con-call, I think there were three types of keys to be
expressed in XRD.
(1) Key of the Subject
(2) Key of the Signatory
(3) Key of the linked XRD.
Right. I just needed to clarify which key (3) was referencing.
[1] Needs to be explicit...is it the signer of the linked XRD whose key
is
being expressed in the link or the *subject* of the linked XRD?
I think it should be the signer (signatory).
That's fine, I just wanted to make sure we were clear on it.
Perhaps we can express both Key and Subject in the link, so that it will
look like:
Doesn't seem like a problem to combine the two features to me.
-- Scott