<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<base href="x-msg://85/">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:927694088;
        mso-list-type:hybrid;
        mso-list-template-ids:-2075107380 40112804 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Arial","sans-serif";
        mso-fareast-font-family:Calibri;}
@list l0:level2
        {mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level4
        {mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level7
        {mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
</head>

<body lang=EN-US link=blue vlink=purple style='word-wrap: break-word;
-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'>

<div class=Section1>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>So I broke
down and took a look at OASIS work products.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><strong><span style='font-family:"Arial","sans-serif"'><a
href="http://www.oasis-open.org/committees/download.php/33876/xri-syntax-3.0-wd02.doc"><span
style='color:windowtext'>http://www.oasis-open.org/committees/download.php/33876/xri-syntax-3.0-wd02.doc</span></a>:</span><o:p></o:p></strong></p>

<p class=MsoNormal><strong><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></strong></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><strong><span
style='font-family:"Arial","sans-serif";font-weight:normal'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span></strong><![endif]><strong><span style='font-family:"Arial","sans-serif";
font-weight:normal'>seems to be a generalization of the HXRI notion. The syntax
and the allied notion of binding seem (to me to be) the most contentious part
for W3C, as it competes with the URI+inference doing the same thing.<o:p></o:p></span></strong></p>

<p class=MsoListParagraph><strong><span style='font-family:"Arial","sans-serif";
font-weight:normal'><o:p>&nbsp;</o:p></span></strong></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><strong><span
style='font-family:"Arial","sans-serif";font-weight:normal'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span></strong><![endif]><strong><span style='font-family:"Arial","sans-serif";
font-weight:normal'>Everything to do with a particular DNS-like tree-walking
resolver is gone. But I don&#8217;t believe that the resolver was the W3C&#8217;s main
objection. Their fundamental objection is that XRI &#8220;thinking&#8221;
institutionalizes a 2 tier web, of trusted providers and untrustworthy plebs.<o:p></o:p></span></strong></p>

<p class=MsoNormal><strong><span style='font-family:"Arial","sans-serif";
font-weight:normal'><o:p>&nbsp;</o:p></span></strong></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><strong><span
style='font-family:"Arial","sans-serif";font-weight:normal'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span></strong><![endif]><strong><span style='font-family:"Arial","sans-serif";
font-weight:normal'>The definitions and orientation are very much now about
semweb (XDI variant) and identity equivalence logics, rather than name serving
and synonym registration.<o:p></o:p></span></strong></p>

<p class=MsoNormal><strong><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></strong></p>

<p class=MsoNormal><strong><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></strong></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><a
href="http://www.oasis-open.org/committees/download.php/33232/xrd-1.0.pdf"><span
style='color:windowtext'>http://www.oasis-open.org/committees/download.php/33232/xrd-1.0.pdf</span></a></span><o:p></o:p></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>like X.509, XRD is now a
&#8220;format&#8221; &#8211; and must necessarily be profiled.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>It defines a protocol for obtaining
resource descriptors from http(s) URIs, which implies that HTTP is not said
protocol. That is, there will be different protocols that can
&#8220;resolve&#8221; an http URI. That is, the protocol portion of a URI is no
longer that which defines the protocol (which makes things innately
incompatible with web architecture&#8230;!) Or perhaps, I&#8217;m just an old
school thinker, and the world has moved on &#8230; Formally, an XRI has the form
of a URI, but is not one. So formally, it&#8217;s legitimate to play these kinds of
definitional games. One should always worry about specs that require
super-parsing and contextual semantics, as they tend to lose most of the vb
crowd.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>The introduction makes it clear that
the focus is service advertisement and interface discovery, aping a bit how
ldap is used in grid middleware. It will be interesting to see if the
information model of XRD can do better than the class/object/attribute/syntax
information model of X.500, from the mid 80s.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>In section 2.0, folks clearly buy in
to the rel=X movement of the microformats world; which seems sensible. It seems a
minor improvement over the SEP.type=&lt;uri&gt; way of doing the same thing, in
openid 2.0 &#8211; though. But, it will probably garner votes, now.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>In section 2.2, we see that there are
implied trust, authority and caching models. Whether these are semweb focused,
XDI focused, grid focused&#8230; we don&#8217;t know.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>Link looks like a renaming of SEP.
Honestly&#8230; I cannot tell the difference. <o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>Link&#8217;s URITemplate looks like a
re-engineering of the old re-writing rules of QXRI.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>The semantics of KeyInfo are
interesting and different to XRI 2.0 : &#8220;</span><span lang=EN
style='font-family:"Arial","sans-serif"'>validate interaction with the linked
resource.&#8221; </span><span style='font-family:"Arial","sans-serif"'>This
seems to mean that different &#8220;interactions&#8221; can leverage the keying
material.<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>In 2.5, I&#8217;m glad to see URIs used for
naming elements, etc, not HXRIs etc<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>3.2 seems to be the old Referral
semantics, for distributed authority management. But, it also feels more
generalized (from the few words provided).<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>3.3 clearly says that selection can
depend on non-XRD extensions; which is cute (it can be delegated to the binding
resolver)<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span
style='font-family:"Arial","sans-serif"'><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><![endif]><span
style='font-family:"Arial","sans-serif"'>4.1 and 4.2 don&#8217;t say a lot, on
an important topic. It should be made clear that the constraints only apply to
the signatures in the XRD namespace. Signatures in XRD extensions are not
addressed (or constrained).<o:p></o:p></span></p>

<p class=MsoListParagraph><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hmm. It&#8217;s all
definitely simpler. But without the bindings resolvers, it&#8217;s hard to
evaluate the likely effectiveness of the two &#8211; as so much context is
missing. It&#8217;s hardly the intellectual tour-de-force though that I was led
to believe. It&#8217;s mostly a dumbing down of XRI resolution v2 (which I
found quite an intellectual tour de force..)<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Reminds me of
the moment when ISO divorced X.509 syntax and processing from X.500 name
resolution, so it could roam free of OSI, ultimately get dumbed down by
Netscape, and thus do what it did for the web when mixed with SSL to form the
https protocols. <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>And, given
the historical impact of that decision, folks may well be doing the right
thing.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>


<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>From:</span></b><span
style='font-family:"Arial","sans-serif"'> John Bradley
[mailto:ve7jtb@ve7jtb.com] <br>
<b>Sent:</b> Saturday, September 12, 2009 9:26 AM<br>
<b>To:</b> Peter Williams<br>
<b>Cc:</b> openid General<br>
<b>Subject:</b> Re: [OpenID] google, xri and signed xrd<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Andrew Arnott
started to port the XRI resolver to .NET. &nbsp;<o:p></o:p></span></p>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The decision
was made part way into the project to wait for the XRD 1.0 spec and XRI 3.0
resolution.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the GSA
using XRI for whitelists, the discussion did happen. &nbsp;&nbsp;<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Though it was
more around white-lists for info-card.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>We didn't
want to introduce new xmldsig requirements for openID RPs that don't currently
exist.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Once there is
an XRD spec with dsig that is part of openID that can be revisited.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>When the
info-card profile comes out next week you will be able to see where we might
take it in the future.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Though the
infocard whitelist will be based on SAML meta-data rather than XRD for the
moment.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I had hoped
to do a distributed white-list for openID but that was a bridge too far for the
first round.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>A central
whitelist was the practical choice, not the one we believed was best long term.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>John B.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>PS XRI 2.0 is
not an OASIS standard; we lost the vote, I can't change that.&nbsp;<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>On
2009-09-12, at 10:34 AM, Peter Williams wrote:<o:p></o:p></span></p>

</div>

<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<div>

<div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Addressing
the weaknesses in openid discovery (XRI discovery, not YADIS)<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal style='text-indent:-.25in'><span style='font-family:"Arial","sans-serif"'>1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
class=apple-converted-space>&nbsp;</span>Go to<span class=apple-converted-space>&nbsp;</span><a
href="http://Google.com"><span style='color:windowtext'>Google.com</span></a>,
and select the iGoogle home page. (&#8230;portal page, now with gadgets&#8230;)<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal style='text-indent:-.25in'><span style='font-family:"Arial","sans-serif"'>2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
class=apple-converted-space>&nbsp;</span>Install<span
class=apple-converted-space>&nbsp;</span><a
href="http://www.freexri.com/tools/GoogleGadget/"><span style='color:windowtext'>http://www.freexri.com/tools/GoogleGadget/</span></a><o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal style='text-indent:-.25in'><span style='font-family:"Arial","sans-serif"'>3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
class=apple-converted-space>&nbsp;</span>Use XRI gadget, type
&#8220;@blog*lockbox&#8221; and try out &#8220;resolution&#8221; (see it pop up a
teaching window, and note I have a certificate SEP registered for this
&#8220;endpoint&#8221;)<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal style='text-indent:-.25in'><span style='font-family:"Arial","sans-serif"'>4.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
class=apple-converted-space>&nbsp;</span>On teaching window, also try out the
SAML option to get a signed XRD (choose resolve type &#8220;authority&#8221;)<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal style='text-indent:-.25in'><span style='font-family:"Arial","sans-serif"'>5.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span
class=apple-converted-space>&nbsp;</span>On teaching window, also try out the
SAML option with the XRDS option, to get *multiple* signed XRD forming a chain
of signed assertions (choose resolve type &#8220;authority&#8221;)<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>What is
interesting here is that .gov could easily publish its whitelist of OPs in such
a form, rather than kludging up a root registration authority. The XRD is
signed on the fly (even though the registered &#8220;cert&#8221; for the
OP&#8217;s https endpoint is static). To scale out the domain graph, there are
chains&#8230;much as one has chains of certs and x-certs in PKI-based domain
management.<o:p></o:p></span></p>

</div>

<div style='margin-left:.5in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If anyone has
an XRI Resolution client in .NET, please let me know. In security, having your
own code interwork with your own code is typically not a strong proof of
anything.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

<div style='margin-left:.25in'>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net"><span style='color:windowtext'>general@lists.openid.net</span></a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general"><span
style='color:windowtext'>http://lists.openid.net/mailman/listinfo/openid-general</span></a><o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

</div>

</body>

</html>