<HTML dir=ltr><HEAD></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV id=idOWAReplyText90288 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>In my aborted PhD dissertation (a pretty dismal effort, by almost all accounts), I specified a protocol that allowed two SSO users (known as LDAP/X.500 DUAs communicating via "sp-initiated" DAP over a DSP secure bearer to remote directory entries) to create and exchange X.509 cross-certificates peer to peer, to build (symmetric) "personal" reliance models. In modern parlance, one openid reputation model.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>The above all easily translates into OpenID terms. A user served by OP#1 does openid auth to a consumer at OP#2 and obtains party#2's master XRD, which party#1 countersigns in realtime. In a 3 phase protocol, both parties engage in this activity in sequence, building symmetric forw</FONT><FONT face=Arial color=#000000 size=2>ard/reverse reliance graphs from the cross-product of meta-assertions about each other's (now counter-signed) master XRD metadata. Each party stores their view of this common, peer/peer "reliance model" in their personal XRI-referenced contacts page/service. The correctness of the security model relies upon a trusted infrastructure agent (X) enforcing access controls - that must be in force over the user's XRDS contact servde, to which only the subscriber to the name must have the write privilege.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>At <A href="http://admin.testxri.com/srvr/Index/" target=_blank>http://admin.testxri.com/srvr/Index/</A> I see there is nominal abilty to obain a signed descriptor, presumably an XML dsig wrapper around the XRDS stream. </FONT><FONT face=Arial size=2>Anyone out there willing to play with me and apply the above reliance "reputation" protocol, using their OpenXRI platfom? Ideally, someone will teach me how to add an SEP and associated XRI service-name to the server, to allow folks to store the reputation data in a custom i-service rather than the contacts service.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>(X) what is the modern for this agent, in the XRI model? Back i</FONT><FONT face=Arial size=2>n 1992, X was called a DSA (service agent) supported by a DMA (schema management authority) operating one or more naming contexts in a PRDMD (private management domain)</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV></DIV>
<DIV id=idSignature49574 dir=ltr>
<DIV><FONT face=Arial></FONT> </DIV></DIV></BODY></HTML>