[OpenID] XRI reputation service
Peter Williams
pwilliams at rapattoni.com
Sun Mar 23 23:23:14 UTC 2008
In my aborted PhD dissertation (a pretty dismal effort, by almost all accounts), I specified a protocol that allowed two SSO users (known as LDAP/X.500 DUAs communicating via "sp-initiated" DAP over a DSP secure bearer to remote directory entries) to create and exchange X.509 cross-certificates peer to peer, to build (symmetric) "personal" reliance models. In modern parlance, one openid reputation model.
The above all easily translates into OpenID terms. A user served by OP#1 does openid auth to a consumer at OP#2 and obtains party#2's master XRD, which party#1 countersigns in realtime. In a 3-phase protocol, both parties engage in this activity in sequence, building symmetric forward/reverse reliance graphs from the cross-product of meta-assertions about each other's (now counter-signed) master XRD metadata. Each party stores their view of this common, peer/peer "reliance model" in their personal XRI-referenced contacts page/service. The correctness of the security model relies upon a trusted infrastructure agent (X) enforcing access controls - that must be in force over the user's XRDS contact service, to which only the subscriber to the name must have the write privilege.
At http://admin.testxri.com/srvr/Index/ I see there is nominal ability to obtain a signed descriptor, presumably an XML dsig wrapper around the XRDS stream. Anyone out there willing to play with me and apply the above reliance "reputation" protocol, using their OpenXRI platform? Ideally, someone will teach me how to add an SEP and associated XRI service-name to the server, to allow folks to store the reputation data in a custom i-service rather than the contacts service.
(X) What is the modern for this agent, in the XRI model? Back in 1992, X was called a DSA (service agent) supported by a DMA (schema management authority) operating one or more naming contexts in a PRDMD (private management domain).