xri message

Subject: RE: [xri] subject sets (also sort of: Agenda for August 6, 2009 call)

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Eran Hammer-Lahav'" <eran@hueniverse.com>,"'Will Norris'" <will@willnorris.com>,"'XRI TC'" <xri@lists.oasis-open.org>
Date: Sat, 8 Aug 2009 15:07:06 -0400

Eran Hammer-Lahav wrote on 2009-08-07:
> We need a simple way to verify the association between the Subject of the
> XRD and the certificate used to sign it. The requirement we have is to
have
> a way to guarantee that the same entity which controls the domain name in
> the Subject, controls the certificate as well, and signed the XRD.
> 
> You can sign an XRD using anything, but our focus has been on the resource
> owner being able to describe the resource (Subject) and sign it in a way
> that a client can confirm that it was really the resource owner who
> described it. Since we are dealing with many limitations, we decided to
> limit this to the authority level (which is defined in 3896).

That's all perfectly appropriate for a profile, but I think it's orthogonal
to the basic XRD specification.

-- Scott

Follow-Ups:
- RE: [xri] subject sets (also sort of: Agenda for August 6, 2009call)
  - From: Eran Hammer-Lahav <eran@hueniverse.com>

References:
- subject sets (also sort of: Agenda for August 6, 2009 call)
  - From: Will Norris <will@willnorris.com>
- RE: [xri] subject sets (also sort of: Agenda for August 6, 2009call)
  - From: Eran Hammer-Lahav <eran@hueniverse.com>