Specifying identifier recycling

Drummond Reed drummond.reed at cordance.net
Mon Jun 4 05:47:21 UTC 2007


>> Johnny Bufu wrote:
>> 
>> We did look at this (with Drummond) in December. The bottom line is  
>> that it can't be done easily - a mechanism similar to XRI's canonical  
>> ID verification would have to be employed, to confirm that the i- 
>> number actually 'belongs' to the URL on which discovery was  
>> initiated. (Otherwise anyone could put any i-number in their URL- 
>> based XRDS files.)
>> 
>Martin Atkins wrote:
>
>Indeed, CanonicalID verification would be necessary, but it's already 
>necessary if you want to accept XRI-based logins anyway.
>
>Last time we were talking about this CanonicalID verification for XRI 
>was not yet specified. Is it now specified somewhere?

Martin, it's been specified in draft form since last October on the XRI TC
wiki at:

	http://wiki.oasis-open.org/xri/XriCd02/CanonicalIdVerification

The content there was moved week before last into the first editor's draft
of XRI Resolution 2.0 Working Draft 11 at:

	
http://www.oasis-open.org/committees/download.php/24096/xri-resolution-v2.0-
wd-11-ed-01.doc

The new Canonical ID Verification section is #11. Note that the verification
rules currently only cover if the XRDS is discovered from an XRI. In the
second editor's draft, due this Wednesday, we will add rules for
verification if the XRDS is discovered from a URL.

=Drummond 




More information about the specs mailing list