[Specs-cx] CX Templates ownership
Nat
sakimura at gmail.com
Tue Apr 27 11:58:25 UTC 2010
Ah, I think you are conflating the discovery of the template and
discovery of what template OP supports. Later is merely a hint that
these would be supported. It does not necessarily mean that other
templates are not supported.
=nat @ Tokyo via iPhone
On 2010/04/27, at 15:03, nara hideki <hdknr at ic-tact.co.jp> wrote:
> Thanks Nat,
>
> The reason why I start discussion about discovery for templates, the
> current revision of the spec states that template is to be discovered
> thru Auth 2.0 like
> discovery process. During discussion with you, I think that
> whitelisting kinda registry seems to be better for CX protocol.
>
> hdknr
>
>
> 2010/4/27 Nat Sakimura <n-sakimura at nri.co.jp>:
>> Template does not have to be owned by anyone, but if we want it to be
>> processed automatically by machines, the machines needs to be able
>> to be
>> pre-configured to accept particular templates. For this, we need to
>> identify
>> the template and its integrity. This means, we need to know the
>> template's
>> identifier and its hash at least.
>>
>> For example, identity commons may define several "acceptable policies
>> template".
>> It has associated identifier, and the hash associated with the
>> template.
>> Identifier itself must be a part of the template as well.
>>
>> Then, an OP may decide to accept some of them, and register their
>> identifier
>> and hash
>> to its white list database. This way, when a new RP makes a request
>> with the
>> template,
>> the OP can tell if it is in its acceptable templates list.
>>
>> =nat
>>
>> (2010/04/27 14:05), nara hideki wrote:
>>>
>>> Hi, about CX Templates.
>>>
>>> =Nat hinted that CX Templates may be fetched from any site if those
>>> are securly proteced agaginst alterations. That can be. If so, I
>>> think
>>> that templates don't have to be discovered by any identifier.
>>>
>>> In those cases, we may have to define how to validate the ownership
>>> the template. It can be the whitelisting. If the owner is not the
>>> OP,
>>> it is not so easy for the OP to validate the proposal.
>>>
>>> Any idea welcome.
>>>
>>> ----
>>> hdknr
>>> _______________________________________________
>>> Specs-cx mailing list
>>> Specs-cx at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-cx
>>>
>>
>>
>> --
>> Nat Sakimura (n-sakimura at nri.co.jp)
>> Nomura Research Institute, Ltd.
>> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>>
>
>
>> PLEASE READ:
>> The information contained in this e-mail is confidential and
>> intended for
>> the named recipient(s) only.
>> If you are not an intended recipient of this e-mail, you are hereby
>> notified
>> that any review, dissemination, distribution or duplication of this
>> message
>> is strictly prohibited. If you have received this message in error,
>> please
>> notify the sender immediately and delete your copy from your system.
>>
>>
> _______________________________________________
> Specs-cx mailing list
> Specs-cx at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-cx
More information about the Specs-cx
mailing list