[OpenID] XRI reputation service

Markus Sabadello markus.sabadello at gmail.com
Mon Mar 24 01:21:48 UTC 2008


Heya Peter,

First of all: The interface you see at http://admin.testxri.com is publicly
available, it's checked into the OpenXRI SourceForge repository. So if
you're motivated enough, you can install the OpenXRI server plus the admin
interface yourself.

If you want to try that, the best place to start is the user manual:
http://openxri.svn.sourceforge.net/viewvc/*checkout*/openxri/openxri4j/trunk/org.openxri.server/OpenXRI%20Server%20User%20Manual.pdf

As far as "signed descriptors" are concerned, this means that XRI authority
resolution servers can include a SAML assertion with an XRDS document, if a
client requests that.

I'm not an expert on OpenID, LDAP, etc, I just help a bit with OpenXRI, so
if you're interested in that I'd be happy to "play" with you, as you put it
:)

greetings from Vienna,
Markus

On Mon, Mar 24, 2008 at 12:23 AM, Peter Williams <pwilliams at rapattoni.com>
wrote:

>  In my aborted PhD dissertation (a pretty dismal effort, by almost all
> accounts), I specified a protocol that allowed two SSO users (known as
> LDAP/X.500 DUAs communicating via "sp-initiated" DAP over a DSP secure
> bearer to remote directory entries) to create and exchange X.509
> cross-certificates peer to peer, to build (symmetric) "personal" reliance
> models. In modern parlance, one openid reputation model.
>
> The above all easily translates into OpenID terms. A user served by OP#1
> does openid auth to a consumer at OP#2 and obtains party#2's master XRD,
> which party#1 countersigns in realtime. In a 3 phase protocol, both parties
> engage in this activity in sequence, building symmetric forward/reverse
> reliance graphs from the cross-product of meta-assertions about each other's
> (now counter-signed) master XRD metadata. Each party stores their view of
> this common, peer/peer "reliance model" in their personal XRI-referenced
> contacts page/service. The correctness of the security model relies upon a
> trusted infrastructure agent (X) enforcing access controls - that must be in
> force over the user's XRDS contact service, to which only the subscriber to
> the name must have the write privilege.
>
> At http://admin.testxri.com/srvr/Index/ I see there is nominal ability to
> obtain a signed descriptor, presumably an XML dsig wrapper around the XRDS
> stream. Anyone out there willing to play with me and apply the above
> reliance "reputation" protocol, using their OpenXRI platform? Ideally,
> someone will teach me how to add an SEP and associated XRI service-name to
> the server, to allow folks to store the reputation data in a custom
> i-service rather than the contacts service.
>
> (X)  what is the modern for this agent, in the XRI model?  Back in 1992, X
> was called a DSA (service agent) supported by a DMA (schema management
> authority) operating one or more naming contexts in a PRDMD (private
> management domain)