[OpenID] Summarizing my grouse with XRD
John Bradley
ve7jtb at ve7jtb.com
Wed Oct 21 19:21:41 UTC 2009
It means that some protocol that is using XRD is defining the subject
via some external mechanism.
In the HTTP protocol case there may be an implicit subject based on
the identifier that is being resolved.
All normal http caching would apply in the http: case.
In the IMI/SAML case we have discussed pushing a XRD as an
assertion/claim.
In that case the subject may be the same as the saml:NameID in the
containing saml:Assertion.
It could perhaps be argued that putting a xrd:Subject and signature
inside a signed saml:Assertion is unnecessary.
Suffice to say it is up to the protocol using XRD to decide what to
make of a XRD without a xrd:Subject.
John B.
On 2009-10-21, at 3:09 PM, John Kemp wrote:
> John Bradley wrote:
>> Yes a XRD can be used for identity. In that case it should be a
>> signed XRD (with Subject)
>> However a XRD can be used to describe any resource (URI).
>
> What does it mean then (in XRD terms) if an XRD doesn't identify the
> resource it describes (ie. it doesn't have a subject)?
>
> - johnk