Heya Peter,<br><br>First of all: The interface you see at <a href="http://admin.testxri.com" target="_blank">http://admin.testxri.com</a> is publicly available, it's checked into the OpenXRI SourceForge repository. So if you're motivated enough, you can install the OpenXRI server plus the admin interface yourself.<br>
<br>If you want to try that, the best place to start is the user manual:<br><a href="http://openxri.svn.sourceforge.net/viewvc/*checkout*/openxri/openxri4j/trunk/org.openxri.server/OpenXRI%20Server%20User%20Manual.pdf">http://openxri.svn.sourceforge.net/viewvc/*checkout*/openxri/openxri4j/trunk/org.openxri.server/OpenXRI%20Server%20User%20Manual.pdf</a><br>
<br>As far as "signed descriptors" are concerned, this means that XRI authority resolution servers can include a SAML assertion with an XRDS document, if a client requests that.<br><br>I'm not an expert on OpenID, LDAP, etc, I just help a bit with OpenXRI, so if you're interested in that I'd be happy to "play" with you, as you put it :)<br>
<br>greetings from Vienna,<br>Markus<br><br><div class="gmail_quote">On Mon, Mar 24, 2008 at 12:23 AM, Peter Williams <<a href="mailto:pwilliams@rapattoni.com" target="_blank">pwilliams@rapattoni.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff">
<div dir="ltr">
<div dir="ltr"><font color="#000000" face="Arial" size="2">In my aborted PhD dissertation (a pretty dismal effort, by almost all accounts), I specified a protocol that allowed two SSO users (known as LDAP/X.500 DUAs communicating via "sp-initiated" DAP over a DSP secure bearer to remote directory entries) to create and exchange X.509 cross-certificates peer to peer, to build (symmetric) "personal" reliance models. In modern parlance, one openid reputation model.</font></div>
<div dir="ltr"><font color="#000000" face="Arial" size="2"></font> </div>
<div dir="ltr"><font color="#000000" face="Arial" size="2">The above all easily translates into OpenID terms. A user served by OP#1 does openid auth to a consumer at OP#2 and obtains party#2's master XRD, which party#1 countersigns in realtime. In a 3 phase protocol, both parties engage in this activity in sequence, building symmetric forw</font><font color="#000000" face="Arial" size="2">ard/reverse reliance graphs from the cross-product of meta-assertions about each other's (now counter-signed) master XRD metadata. Each party stores their view of this common, peer/peer "reliance model" in their personal XRI-referenced contacts page/service. The correctness of the security model relies upon a trusted infrastructure agent (X) enforcing access controls - that must be in force over the user's XRDS contact servde, to which only the subscriber to the name must have the write privilege.</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">At <a href="http://admin.testxri.com/srvr/Index/" target="_blank">http://admin.testxri.com/srvr/Index/</a> I see there is nominal abilty to obain a signed descriptor, presumably an XML dsig wrapper around the XRDS stream. </font><font face="Arial" size="2">Anyone out there willing to play with me and apply the above reliance "reputation" protocol, using their OpenXRI platfom? Ideally, someone will teach me how to add an SEP and associated XRI service-name to the server, to allow folks to store the reputation data in a custom i-service rather than the contacts service.</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">(X) what is the modern for this agent, in the XRI model? Back i</font><font face="Arial" size="2">n 1992, X was called a DSA (service agent) supported by a DMA (schema management authority) operating one or more naming contexts in a PRDMD (private management domain)</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font color="#000000" face="Arial" size="2"></font> </div></div>
<div dir="ltr">
<div><font face="Arial"></font> </div></div></div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br>