<HTML dir=ltr><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText77426 dir=ltr>
<DIV dir=ltr><FONT color=#000000><FONT face=Arial size=2>I'm reading </FONT><A href="http://docs.oasis-open.org/xri/xri-resolution/2.0/specs/cd03/xri-resolution-V2.0-cd-03.pdf" target=_blank><FONT face=Arial size=2>http://docs.oasis-open.org/xri/xri-resolution/2.0/specs/cd03/xri-resolution-V2.0-cd-03.pdf</FONT></A></FONT><FONT face=Arial size=2> very carefully, aiming to fully understand OpenID2. My goal is to then go enhance my RDF server so it can respond with some simple XRDS files, augmenting its native metadata about service endpoints with FOAF data (to allow for intelligent RDF-driven RPs). I don't aim to actually implement XRI Resolution. I just want pretend to do so, for some simple XRDs and xri queries. Its a good learning exercise; a good first step to get a feel for the algorithm and how one tunes it all.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>There are a lot of procedures and identity semantics in the specification. Its essentially a toolkit. How literally should I take all the options, as they reflect on OpenID2? Can any and all of the options in the document be leveraged when building an actual OP->RP relationship? Are any and all the options "compatible" with OpenID infrastructure vision?</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>For example, as a solution architect, I could specify that an OP will operate a regime requiring only this or that durability of resources, that equivID will be used in way X to accomplish Y per the spec, that child and parent authorities will and will not be able to do certain things - per choice of policies and setup, etc, that XRI references between XRDs shall occur in this or that way. As a result, I could easily take the toolkit and build a very unique and particular trust model, addressing the full lifecycle of identity management in a distributed authority model.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>If I were to do all this "heavyweight identity management", can I still be asserting at the end of the day that Im "doing OpenID", in a manner "consistent with" the openid culture, vision and community goals?</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I ask, as building such a trust model is rather different culturally to the traditional context - in which a user goes stuff some meta tags into a blogging HTML page, a user types in a URL at a URL, and OP->RP flows send assertions over an authenticated channel! Such an XRI-derived infrastructure is an entirely different kind of trust management infrastructure, very much focused on notions of authority and is very much contingent on RP recognizing that various third parties authorities have various rights to speak (in different ways) for a particular user identity.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Obviously, there is no one word sentence answer to this question set. Its guidance I'm looking for</FONT></DIV></DIV>
<DIV id=idSignature3950 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2><SPAN style="FONT-SIZE: 7.5pt"></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#000000 size=2><SPAN style="FONT-SIZE: 7.5pt">_________________________<BR></SPAN><B>Peter Williams<BR></DIV></B></FONT></DIV></BODY></HTML>