[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Second thoughts
If I understand correctly, we're setting up a profile for XRD which uses
XML DSig... this doesn't preclude other security profiles does it?
Also, could you point to more specifics of where the,
"canonicalization-free signatures..." are mentioned in the specs. Do you
mean something like what is mentioned in the OAuth WRAP spec at the
beginning of section 1.1 (taken from the WRAP spec):
---
The Access Token is opaque to the Client, and can be any format agreed
to between the Authorization Server and the Protected Resource
enabling existing systems to reuse suitable tokens, or use a standard
token format such as a Simple Web Token or JSON Web Token.
----
Nika
> Looking at developments since our decision to use XML DSig to sign XRD
> documents:
>
> - OAuth WRAP was launched with canonicalization-free signatures for tokens
> - Proposal for Salmon signatures based on canonicalization-free
> signatures on streams
>
> I am increasingly concerned that the directions is going away, not
> towards, meeting XML DSig.
>
> --
> --Breno
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]