So now I want to post my grouse no (2) with XRD. The idea that the <Subject> of an XRD can be implicit or "0" is a BAD BAD BAD Idea!! Sorry Dirk for the Caps and exclamations. I will list out the reasons.<div>
<br></div><div>1) XRD without <Subject> is a security risk. If nothing, it makes life easier for the "Man in the middle attacker".</div><div>2) Cacheing of XRD's is thrown out of the window. You can't cache XRD's without a <Subject>. I firmly believe that Cacheing of XRD's will be a "BIG THING". Applications "IN THE KNOW OF XRD's" will deifinitely like to cache XRD's. It will definitely speed up the discovery process.</div>
<div>3) The whole idea of millions/billions XRD's flying around the WWW like "headless chicken" (without subject) is giving me nightmares.</div><div><br></div><div>The <Subject> MUST be made mandatory for every XRD.</div>
<div><br><div class="gmail_quote">On Tue, Oct 20, 2009 at 2:26 AM, Breno de Medeiros <span dir="ltr"><<a href="mailto:breno@google.com">breno@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
The subject of an XRD is implicitly the URI of the resource that was<br>
discovered and resulted in this XRD being returned as its metadata. So<br>
in general Subject is not needed.<br>
<br>
When the same metadata applies to multiple URIs then one can be the<br>
Subject and others can be Aliases.<br>
<br>
Another use for Subject is for the XRD signature. A sound trust model<br>
needs to validate the binding of subject and metadata in the<br>
signature, so Subject should always be present in signed documents,<br>
unless the application defines other means to bind the metadata and<br>
resource in a verifiable way.<br>
<font color="#888888"><br>
<br>
--<br>
--Breno<br>
<br>
+1 (650) 214-1007 desk<br>
+1 (408) 212-0135 (Grand Central)<br>
MTV-41-3 : 383-A<br>
PST (GMT-8) / PDT(GMT-7)<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>
</div>