Minutes: XRI TC Telecon 2-3PM PT Thursday 2010-04-01

[Drummond Reed <drummond.reed@xdi.org>]

Following are the minutes of the unofficial telecon of the XRI TC at:

Date:  Thursday, 01 April 2010 USA
Time:  2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC)

ATTENDING

Will Norris
Breno de Medeiros
Markus Sabadello
John Bradley
Joe Boyle
Drummond Reed


AGENDA


1) PROPOSAL FOR AN X.509-BASED XRI TRUST PROFILE

            http://lists.oasis-open.org/archives/xri/201001/msg00083.html

Breno described the current state of the spec as follows.

It starts by defining three identifier sets:
	1) Application-supplied resource identifier
	2) XRD internal identifiers (Subject, Alias, extension)
	3) Certification subject identifiers

Inputs are:
	1) Signed XRD document
	2) A list of trusted certificates
	3) An application-supplied URI

Validation:

	1) Extract XRD internal identifiers from XRD
	2) Compare with XRD internal identifiers – no match = FAIL
	3) From XRD signature element, extract X.509 cert
	4) From X.509 cert, extract Cert subject identifiers
	5) Perform authority match between the Cert subject identifier and
the application-supplied resource identifiers – no match = FAIL

We had a long discussion about what can be deduced (i.e., what can be
trusted) based on application of this spec. Breno's key point was that
while it is very simple and "atomic",  you can then build more complex
trust profiles, such as profiles that support delegation, by writing a
profile that uses this atomic spec for each "leg" of trust
verification.

LRDD is an example of what a more complex profile would look like,
because it involves at least two steps when you are using host-meta,
and at least three steps if you are using LRDD delegation. LRDD will
use a “handoff of trusted certificates” as the delegation mechanism.

Drummond noted that this may nicely fit the bill of what is needed for
XRI 3.0 resolution.


2) NEXT CALL

NOTE THAT THERE IS NO CALL NEXT WEEK DUE TO SPRING BREAK IN THE U.S.