[OpenID] Summarizing my grouse with XRD
John Kemp
john at jkemp.net
Wed Oct 21 20:21:39 UTC 2009
John Bradley wrote:
> It means that some protocol that is using XRD is defining the subject
> via some external mechanism.
So the XRD spec. is a template spec. meant to be simply incorporated by
reference into other specs. I guess?
>
> In the HTTP protocol case there may be an implicit subject based on the
> identifier that is being resolved.
As mentioned earlier, if the _subject_ of the XRD is identified
(implicitly) by the same URI used to retrieve the XRD itself, then that
seems rather circular.
>
> All normal http caching would apply in the http: case.
Sure, I'm not quibbling with caching...
>
> In the IMI/SAML case we have discussed pushing a XRD as an assertion/claim.
>
> In that case the subject may be the same as the saml:NameID in the
> containing saml:Assertion.
>
> It could perhaps be argued that putting a xrd:Subject and signature
> inside a signed saml:Assertion is unnecessary.
>
> Suffice to say it is up to the protocol using XRD to decide what to make
> of a XRD without a xrd:Subject.
OK, I think I've understood ;)
Cheers,
- johnk
>
> John B.
>
> On 2009-10-21, at 3:09 PM, John Kemp wrote:
>
>> John Bradley wrote:
>>> Yes a XRD can be used for identity. In that case it should be a
>>> signed XRD (with Subject)
>>> However a XRD can be used to describe any resource (URI).
>>
>> What does it mean then (in XRD terms) if an XRD doesn't identify the
>> resource it describes (i.e. it doesn't have a subject)?
>>
>> - johnk
>