Hi. I am one of the members in XRI TC, who was pressing for more simplicity. <div>Having said that, here are my comments inline: <br><br><div class="gmail_quote">On Sun, Jul 12, 2009 at 5:24 PM, Santosh Rajan <span dir="ltr">&lt;<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
What better way than to spend a rainy Sunday morning reading up on the XRI TC<br>
mailing list. (This is monsoon/rainy season in my part of the world, have a<br>
lot of free time at home this month).<br>
I am posting this here because whatever they end up with has a bearing on<br>
OpenID if we were to adopt it. Also I think I cannot join that list, it's<br>
members only. You can read the list here (June and July).<br>
<a href="http://lists.oasis-open.org/archives/xri/200906/maillist.html" target="_blank">http://lists.oasis-open.org/archives/xri/200906/maillist.html</a><br>
<a href="http://lists.oasis-open.org/archives/xri/200907/maillist.html" target="_blank">http://lists.oasis-open.org/archives/xri/200907/maillist.html</a><br>
<br>
<br>
Whenever a new technology is released people react in one of two ways.<br>
1) Awesome! This is so simple. How come we never thought of this?<br>
2) Jeez! This is so complicated! Do I need this?<br>
<br>
My hope was that we would get (1) as a reaction when XRD is released. After<br>
all the very reason for adopting XRD vis a vis XRDS was that XRD was going<br>
to be simple. But that is not the impression you will get after reading what<br>
is going on there. Looks like we are headed for (2) as the reaction from<br>
folks when this is released. Looks to me this is going to be more<br>
complicated than XRDS!<br>
<br>
Now this is not to suggest that the arguments posed in those lists are not<br>
valid. On the contrary indeed all those arguments are valid. But the<br>
question is, if XRD was supposed to be something simple, do we need to make<br>
those arguments at all?<br>
<br>
I will elaborate on three cases here.<br>
<br>
First is the argument of XMLDSig. If XMLDsig has had interop problems for 11<br>
years, and you still need to test it before you adopt it, it is about time<br>
you dumped it!</blockquote><div><br></div><div>I was pushing for a very simple signing method, but people did not want to invent yet another signing method for XML. Thus, my colleague Tatsuki and I did some research on the implementation issues there. What we found out was that, if we stick to the Exclusive c14n, it works OK for Java, Python, PHP. It does not for Ruby, so we need to make a decent library for it. The same is probably true for Perl. For Python, there was a pure Python library, so it will probably work for GAE as well. </div>
<div><br></div><div>The reason why the TC decided to use this constrained form of XML DSig was that we have fairly good library support now and we do not need to redefine a lot of things if we do this. That is going to be a simpler spec to read. You know, most of the implementors will not write code to support these security features but rely on the libraries. </div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
<br>
&lt;TargetAuthority&gt;. Looks like everyone is convinced that it is required.<br>
Now this seems to be required only if you want to address the "trust issue".<br>
The trust issue as far as I can see is not an issue that has come to a<br>
consensus. In any case it wasn't addressed in OpenID 1 and 2. And I don't<br>
think we need to address it in the next minor release. In any case XRD was<br>
supposed to be simple. In which case this is an issue to be addressed<br>
outside of/over and above XRD. So &lt;TargetAuthority&gt; is not required here.<br>
At least not in the first roll out of XRD.</blockquote><div><br></div><div>&lt;TargetAuthority&gt; was dropped. It is now &lt;Subject&gt; within &lt;Link&gt;. </div><div><br></div><div>By the way, you absolutely need this in OpenID. If you do not, you will not be able to do the delegation. Of course, if you do not want the delegation in OpenID, that is another matter... </div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
<br>
&lt;Subject&gt; Subject of the host meta. This looks like a howler to me. I mean<br>
why are we even getting into this? If you want to keep XRD simple then all<br>
you need is the English language definition of the word "Subject". So the<br>
subject of the host meta is "domain xrd".</blockquote><div><br></div><div>It is not the Subject of the host meta. Subject is the thing/person/whatever this XRD is describing. Thus, I think &lt;Subject&gt; is simple enough. </div>
<div>In the OpenID use case, it would be the claimed identifier (canonical id) of the person. </div><div>It used to be called &lt;CanonicalID&gt;. </div><div><br></div><div>I do not understand what you mean by "domain xrd". </div>
<div><br></div><div>=nat</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
<br>
So why don't we come out with a simple XRD that will elicit a response like<br>
(1) above from people?<br>
<br>
-----<br>
<br>
Santosh Rajan<br>
<a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a><br>
<font color="#888888">
</font></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>
</div>