RE: [xri] A question of conformance

["Scott Cantor" <cantor.2@osu.edu>]

Will Norris wrote on 2010-01-12:
> Are we comfortable saying that these are all conforming "XRD Documents"?
Or
> rather does the definition of an "XRD Document" need to be constrained to
> documents which have a root element of <XRD> (and maybe <XRDS>)?  If we
> don't constrain the definition, then this has interesting implications for
> the conformance requirements of XRD consumers.

I assumed you would constrain it in prose, sorry if that wasn't explicit.

> ## Signature Algorithm
> 
> On the call, Scott mentioned that support for RSA-256 should be required
of
> both XRD providers and consumers (or at least those that support XRD
> Signatures).

You should be clear in conformance that this about *implementations*. Saying
just providers or consumers tends to confuse people into thinking it means
deployments or use cases.

> I understand what it means for consumers to be required to
> support this, but I'm not sure what it really means for providers.

It means implementations have to support a particular algorithm. What a
deployment *uses* is completely irrelevant.

> supported.  But what good is requiring RSA-256 support from providers if
> they can simply always publish using something else?

Publish is a verb related to a deployer. This isn't about deployers.

-- Scott