[OpenID] Open Challenge to webfinger and XRD

Santosh Rajan santrajan at gmail.com
Mon Oct 19 21:08:25 UTC 2009


What do you mean "In general Subject is not needed"? If there is no <Subject>
how are you going to verify what you got is indeed what you were looking
for?



Breno de Medeiros wrote:
> 
> The subject of an XRD is implicitly the URI of the resource that was
> discovered and resulted in this XRD being returned as its metadata. So
> in general Subject is not needed.
> 
> When the same metadata applies to multiple URIs then one can be the
> Subject and others can be Aliases.
> 
> Another use for Subject is for the XRD signature. A sound trust model
> needs to validate the binding of subject and metadata in the
> signature, so Subject should always be present in signed documents,
> unless the application defines other means to bind the metadata and
> resource in a verifiable way.
> 
> 
> -- 
> --Breno


-----

Santosh Rajan
http://santrajan.blogspot.com
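
The check under discussion in this exchange, as an added example that is not part of either message or of any XRD library: a consumer compares the URI it set out to discover against `<Subject>` and `<Alias>`, and refuses a signed document that carries no `<Subject>`. The `signed` flag, the function name and the sample documents are assumptions made for the illustration; signature verification itself is not performed.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"

# Constructed sample documents (not taken from the thread).
XRD_WITH_SUBJECT = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>http://example.com/alice</Subject>
  <Alias>acct:alice@example.com</Alias>
  <Link rel="describedby" href="http://example.com/alice/profile"/>
</XRD>"""

XRD_NO_SUBJECT = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="describedby" href="http://example.com/alice/profile"/>
</XRD>"""


def check_subject_binding(xrd_xml, requested_uri, signed):
    """Return (ok, reason) for the Subject rule described in the quoted reply.

    `signed` is a hypothetical flag meaning the caller has already verified a
    signature over the document. Comparison is an exact string match; URI
    normalization is out of scope for this sketch.
    """
    root = ET.fromstring(xrd_xml)
    if root.tag != XRD_NS + "XRD":
        return False, "not an XRD document"

    subject = (root.findtext(XRD_NS + "Subject") or "").strip()
    aliases = {a.text.strip() for a in root.findall(XRD_NS + "Alias") if a.text}

    if not subject:
        # Unsigned: the subject is implicitly the URI that was discovered.
        # Signed: nothing inside the signed bytes names the resource, so the
        # binding cannot be checked unless the application binds it elsewhere.
        if signed:
            return False, "signed XRD without Subject"
        return True, "implicit subject"
    if requested_uri == subject:
        return True, "matches Subject"
    if requested_uri in aliases:
        return True, "matches Alias"
    return False, "Subject and Aliases do not cover the requested URI"


if __name__ == "__main__":
    print(check_subject_binding(XRD_WITH_SUBJECT, "http://example.com/alice", True))
    print(check_subject_binding(XRD_WITH_SUBJECT, "http://example.com/mallory", True))
    print(check_subject_binding(XRD_NO_SUBJECT, "http://example.com/alice", True))
```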


