xri message

Subject: RE: [xri] subject sets (also sort of: Agenda for August 6, 2009call)

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "cantor.2@osu.edu" <cantor.2@osu.edu>, 'Will Norris'<will@willnorris.com>, 'XRI TC' <xri@lists.oasis-open.org>
Date: Sat, 8 Aug 2009 13:02:38 -0700

That's what we set to do. If the trust section does not provide this as a complete solution, it is pointless.

EHL

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Saturday, August 08, 2009 12:07 PM
> To: Eran Hammer-Lahav; 'Will Norris'; 'XRI TC'
> Subject: RE: [xri] subject sets (also sort of: Agenda for August 6,
> 2009 call)
> 
> Eran Hammer-Lahav wrote on 2009-08-07:
> > We need a simple way to verify the association between the Subject of
> the
> > XRD and the certificate used to sign it. The requirement we have is
> to
> have
> > a way to guarantee that the same entity which controls the domain
> name in
> > the Subject, controls the certificate as well, and signed the XRD.
> >
> > You can sign an XRD using anything, but our focus has been on the
> resource
> > owner being able to describe the resource (Subject) and sign it in a
> way
> > that a client can confirm that it was really the resource owner who
> > described it. Since we are dealing with many limitations, we decided
> to
> > limit this to the authority level (which is defined in 3896).
> 
> That's all perfectly appropriate for a profile, but I think it's
> orthogonal
> to the basic XRD specification.
> 
> -- Scott
>

Follow-Ups:
- RE: [xri] subject sets (also sort of: Agenda for August 6, 2009 call)
  - From: "Scott Cantor" <cantor.2@osu.edu>

References:
- subject sets (also sort of: Agenda for August 6, 2009 call)
  - From: Will Norris <will@willnorris.com>
- RE: [xri] subject sets (also sort of: Agenda for August 6, 2009call)
  - From: Eran Hammer-Lahav <eran@hueniverse.com>
- RE: [xri] subject sets (also sort of: Agenda for August 6, 2009 call)
  - From: "Scott Cantor" <cantor.2@osu.edu>