[Specs-cx] CX Templates ownership

Nat sakimura at gmail.com
Tue Apr 27 11:58:25 UTC 2010


Ah, I think you are conflating the discovery of the template and  
discovery of what template OP supports. Later is merely a hint that  
these would be supported. It does not necessarily mean that other  
templates are not supported.

=nat @ Tokyo via iPhone

On 2010/04/27, at 15:03, nara hideki <hdknr at ic-tact.co.jp> wrote:

> Thanks Nat,
>
> The reason why I start discussion about discovery for templates, the
> current revision of the spec states that template is to be discovered
> thru Auth 2.0 like
> discovery process.  During discussion with you, I think that
> whitelisting kinda registry seems to be better for CX protocol.
>
> hdknr
>
>
> 2010/4/27 Nat Sakimura <n-sakimura at nri.co.jp>:
>> Template does not have to be owned by anyone, but if we want it to be
>> processed automatically by machines, the machines needs to be able  
>> to be
>> pre-configured to accept particular templates. For this, we need to  
>> identify
>> the template and its integrity. This means, we need to know the  
>> template's
>> identifier and its hash at least.
>>
>> For example, identity commons may define several "acceptable policies
>> template".
>> It has associated identifier, and the hash associated with the  
>> template.
>> Identifier itself must be a part of the template as well.
>>
>> Then, an OP may decide to accept some of them, and register their  
>> identifier
>> and hash
>> to its white list database. This way, when a new RP makes a request  
>> with the
>> template,
>> the OP can tell if it is in its acceptable templates list.
>>
>> =nat
>>
>> (2010/04/27 14:05), nara hideki wrote:
>>>
>>> Hi, about CX Templates.
>>>
>>> =Nat hinted that CX Templates may be fetched from any site if those
>>> are securly proteced agaginst alterations. That can be. If so, I  
>>> think
>>> that templates don't have to be discovered by any identifier.
>>>
>>> In those cases, we may have to define how to validate the ownership
>>> the template. It can be the whitelisting.  If the owner is not the  
>>> OP,
>>> it is not so easy for the OP to validate the proposal.
>>>
>>> Any idea welcome.
>>>
>>> ----
>>> hdknr
>>> _______________________________________________
>>> Specs-cx mailing list
>>> Specs-cx at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-cx
>>>
>>
>>
>> --
>> Nat Sakimura (n-sakimura at nri.co.jp)
>> Nomura Research Institute, Ltd.
>> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>>
>
>
>> PLEASE READ:
>> The information contained in this e-mail is confidential and  
>> intended for
>> the named recipient(s) only.
>> If you are not an intended recipient of this e-mail, you are hereby  
>> notified
>> that any review, dissemination, distribution or duplication of this  
>> message
>> is strictly prohibited. If you have received this message in error,  
>> please
>> notify the sender immediately and delete your copy from your system.
>>
>>
> _______________________________________________
> Specs-cx mailing list
> Specs-cx at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-cx


More information about the Specs-cx mailing list