OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-10-29

Following are the minutes of the unofficial telecon of the XRI TC at:

Date:  Thursday, 29 October 2009 USA
Time:  2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC)



John Bradley

Will Norris

Bob Morgan

Peter Davis

Scott Cantor

Drummond Reed

Nat Sakimura

George Fletcher

Eran Hammer-Lahav



We went over the list of requested corrections from TC Admin Mary McRae:



Most of these are controlled by the XSLT style sheet. Will is working with what he believes in a newer version of the style sheet but needs to clarify this with Mary. He noted that even this new style sheet still continues to generate italized vs. ALL CAPS for normative words.


We also discussed the acknowlegement section and Mary’s feedback there. Drummond will check with Mary about whether we can add a paragraph at the very end with non-TC acknowledgements.


Drummond said that several folks have asked him whether XRD could be used for describing the security policy for a relying party website for use with identity protocols like OpenID and Information Cards. George pointed out that the UMA work at Kantara is also using XRD for discovery of various related resources.


There was consensus that the current design of XRD is not as a policy expression language, but that discovery of the types of protocols an RP supports, and the location of policy expression documents, is definitely in scope. So it is fine to have the XRD point to another document that describes the security policy of the site. This other document may be protocol-specific or protocol-independent as needed.


The question of how valuable it is to embed policy expression directly in the XRD to avoid additional roundtrips is debatable. Especially for very large metadata files (e.g., SAML metadata in some cases), it would not make sense, however for small metadata files it could. For example, Peter explained that some time back he had published a proposal for how to publish a SAML entity descriptor inside an XRD.


Eran suggests the rule of thumb is, “If XRD can describe it, great, otherwise link to it.”




Eran has published new LRDD and host-meta drafts and encourages feedback both within the TC and at Internet Identity Workshop (IIW). With regard to LRDD, it now has three simple “selection profiles”: Host-priority, Resource-priority, Equal-priority. So anyone using LRDD will need to specify: a) the relation type they are using, and b) the priority profile you are using.


Drummond said he’s planning to hold a session at IIW on XRD and XRI Resolution 3.0 and would like take advantage of Eran’s and other’s thinking about best practices for using XRD in this specific context.


John asked Eran about use of host-meta by different protocols – can one host-meta work for all of them (e.g., http: and https:)? There are two basic options: a) declare that there is only one host-meta for the host – that is available via either http: or https:, or b) make it possible for host-meta to cover only specific protocols on specific ports.


Will put it this way: “Is host-meta about the host, or it is about a set of resources?” John said his definition of “host” is “the subject of an SSL certificate”. Eran pointed out that a pure host – as opposed to a host:port combination, is very hard to define.


We ran out of time to further discuss it on the call but there was agreement this will make a good session for next week at IIW.


Drummond is nearly compete and plans to publish it before IIW. There is one question about relative XRIs but he will note that within this working draft.


There will be NO CALL next week due to IIW. The next call will be in two weeks.






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]