So it is now clear to me that identity protocols cannot use the XRD specification "as is". There has to be a new "Identity Resource Descriptor" specification sitting in between XRD and all identity protocols that draw from XRD.<div>
<br></div><div>I will explain the problem with an hypothetical example. Lets say webfinger were to specify that the <Subject> of the XRD is not required. And a future OpenID spec mandates the use of <Subject>, because the OpenID folks felt that XRD with no Subject was a security risk. The future OpenID Spec will not be able to use the webfinger protocol (which according to current thinking it may want to).</div>
<div><br></div><div>In any case an "Identity Resource Descriptor", without a Subject to describe it, is entirely meaningless to me. So a new identity Layer for XRD is called for that mandates the use of <Subject> in all Identity Resource Descriptors. (IRD's).<br>
<br><div class="gmail_quote">On Thu, Oct 22, 2009 at 8:46 AM, John Bradley <span dir="ltr"><<a href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word">I suppose if we were starting fresh we could have called it RDML.<br><div><br></div><div>I don't know that there is a meaningful distinction between a document format like OpenDocument and meta-markup language like SAML. Technically they are the same.</div>
<div><br></div><div>The XRI-TC will also be producing a XRI 3.0 spec that will use this updated XRD document specification.</div><div><br></div><div>Webfinger and others may also produce processing specifications for XRD or profiles of XRD.</div>
<div><br></div><div>XRD is NOT an identifier.</div><div><br></div><div>XRDS as currently used in openID discovery stands for eXtesable Resource Descriptor Sequence.</div><div><br></div><div>Yadis never made any use of the Sequence feature so we made it optional. </div>
<div><br></div><div>Hense the main document format spec is now called XRD and not XRDS.</div><div><br></div><div>I know people are planning on using it with a multitude of different identifiers including email addresses.</div>
<div><br></div><div>It is still XML and the document is a meta-data descriptor not an identifier.</div><div><br></div><div>John B.</div><div><div></div><div class="h5"><div><br></div><div><div><div>On 2009-10-21, at 11:13 PM, Santosh Rajan wrote:</div>
<br><blockquote type="cite">In other words now you are saying that XRD is another markup language like HTML and SAML. In which case you should be calling it "XRML" for Extensible Resource Markup Language.<div><br>
</div><div>So what started as a "Descriptor" has morphed into a "Markup Language".</div>
<div><div><br></div><div>So this gives scope for someone else to write the "REAL" Extensible Resource Descriptor Specification on top of XRML.</div><div><br></div><div><br><div class="gmail_quote">On Thu, Oct 22, 2009 at 2:24 AM, John Bradley <span dir="ltr"><<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">XRD is a XML document spec.<div><br>
<br>
On 2009-10-21, at 5:21 PM, John Kemp wrote:<br>
<br>
</div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
John Bradley wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It means that some protocol that is using XRD is defining the subject via some external mechanism.<br>
</blockquote>
<br>
So the XRD spec. is a template spec. meant to be simply incorporated by reference into other specs. I guess?<br>
<br>
</blockquote></div>
Like other XML specs eg SAML 2.0 it can be used multiple specifications that process XML documents.<br>
<br>
External specs can profile the XRD spec.<div><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In the HTTP protocol case there may be an implicit subject based on the identifier that is being resolved.<br>
</blockquote>
<br>
As mentioned earlier, if the _subject_ of the XRD is identified (implicitly) by the same URI used to retrieve the XRD itself, then that seems rather circular.<br>
<br>
</blockquote></div>
The XML document describes a resource and provides links to associated resources.<br>
A HTML page doesn't need to explicitly say what URI it is retrieved from in its internal markup.<br>
<br>
Like with HTML sometimes the subject is defined by the transport or other external method.<br>
<br>
Thanks<br>
John B.<div><div></div><div><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
All normal http caching would apply in the http: case.<br>
</blockquote>
<br>
Sure, I'm not quibbling with caching...<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In the IMI/SAML case we have discussed pushing a XRD as a assertion/claim.<br>
In that case the subject may be the same as the saml:NameID in the containing saml:Assertion.<br>
It could perhaps be argued that putting a xrd:Subject and signature inside a signed saml:Asertion is un-neccicary.<br>
Suffice to say it is up to the protocol using XRD to decide what to make of a XRD without a xrd:Subject.<br>
</blockquote>
<br>
OK, I think I've understood ;)<br>
<br>
Cheers,<br>
<br>
- johnk<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
John B.<br>
On 2009-10-21, at 3:09 PM, John Kemp wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
John Bradley wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Yes a XRD can be used for identity. In that case it should be a signed XRD (with Subject)<br>
However a XRD can be used to describe any resource (URI).<br>
</blockquote>
<br>
What does it mean then (in XRD terms) if an XRD doesn't identify the resource it describes (ie. it doesn't have a subject)?<br>
<br>
- johnk<br>
</blockquote></blockquote>
<br>
</blockquote>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br><br><br>
</div></div>
</blockquote></div><br></div></div></div></div></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>
</div>