[OpenID] Open Challenge to webfinger and XRD
Breno de Medeiros
breno at google.com
Mon Oct 19 20:56:23 UTC 2009
The subject of an XRD is implicitly the URI of the resource that was
discovered and resulted in this XRD being returned as its metadata. So
in general Subject is not needed.
When the same metadata applies to multiple URIs then one can be the
Subject and others can be Aliases.
Another use for Subject is for the XRD signature. A sound trust model
needs to validate the binding of subject and metadata in the
signature, so Subject should always be present in signed documents,
unless the application defines other means to bind the metadata and
resource in a verifiable way.
--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
More information about the general
mailing list