Subject: Minutes: XRI TC Telecon 2-3PM PT Thursday 2010-04-01

Following are the minutes of the unofficial telecon of the XRI TC at:

Date: Thursday, 01 April 2010 USA
Time: 2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC)

ATTENDING

Will Norris
Breno de Medeiros
Markus Sabadello
John Bradley
Joe Boyle
Drummond Reed

AGENDA

1) PROPOSAL FOR AN X.509-BASED XRI TRUST PROFILE

http://lists.oasis-open.org/archives/xri/201001/msg00083.html

Breno described the current state of the spec as follows. It starts by defining three identifier sets:

1) Application-supplied resource identifier
2) XRD internal identifiers (Subject, Alias, extension)
3) Certification subject identifiers

Inputs are:

1) Signed XRD document
2) A list of trusted certificates
3) An application-supplied URI

Validation:

1) Extract XRD internal identifiers from XRD
2) Compare with XRD internal identifiers – no match = FAIL
3) From XRD signature element, extract X.509 cert
4) From X.509 cert, extract Cert subject identifiers
5) Perform authority match between the Cert subject identifier and the application-supplied resource identifiers – no match = FAIL

We had a long discussion about what can be deduced (i.e., what can be trusted) based on application of this spec. Breno's key point was that while it is very simple and "atomic", you can then build more complex trust profiles, such as profiles that support delegation, by writing a profile that uses this atomic spec for each "leg" of trust verification.

LRDD is an example of what a more complex profile would look like, because it involves at least two steps when you are using host-meta, and at least three steps if you are using LRDD delegation. LRDD will use a “handoff of trusted certificates” as the delegation mechanism.

Drummond noted that this may nicely fit the bill of what is needed for XRI 3.0 resolution.

2) NEXT CALL

NOTE THAT THERE IS NO CALL NEXT WEEK DUE TO SPRING BREAK IN THE U.S.
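
The identifier checks in the validation steps above (1, 2 and 5), sketched as an added example that is not part of the minutes or of the draft spec. Assumptions: step 2 is read as comparing the application-supplied URI against the XRD internal identifiers by exact string match; the certificate subject identifiers are passed in as host names, with XML signature verification and chain validation against the trusted certificates (steps 3 and 4) done elsewhere; extension identifiers and wildcard names are not handled. The function names and the sample XRD are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"

# Constructed sample document (not taken from the spec).
SAMPLE_XRD = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>https://example.com/alice</Subject>
  <Alias>https://alice.example.net/</Alias>
</XRD>"""


def authority(uri):
    """Lower-cased host of a URI, or None if it has no authority part."""
    host = urlsplit(uri).hostname
    return host.lower() if host else None


def xrd_internal_identifiers(xrd_xml):
    """Step 1: collect the Subject and Alias values of the XRD."""
    root = ET.fromstring(xrd_xml)
    found = root.findall(XRD_NS + "Subject") + root.findall(XRD_NS + "Alias")
    return {e.text.strip() for e in found if e.text}


def validate(xrd_xml, cert_subject_ids, app_uri):
    """Return (ok, reason) for one "leg" of trust verification.

    cert_subject_ids: host names taken from a certificate whose signature
    over the XRD and whose chain were already verified (assumption).
    """
    # Step 2: the application's identifier must appear inside the XRD.
    if app_uri not in xrd_internal_identifiers(xrd_xml):
        return False, "application URI not among XRD internal identifiers"
    # Step 5: the certificate must speak for the URI's authority.
    host = authority(app_uri)
    if host is None:
        return False, "application URI has no authority"
    if host not in {s.lower() for s in cert_subject_ids}:
        return False, "certificate subject does not match URI authority"
    return True, "ok"
```

The Alias case shows why step 5 matters: an identifier listed in the XRD still fails when the signing certificate belongs to a different authority.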