<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The scope not scope and subject not subject is the same pattern
as can be found in the semweb’s foaf world (where they do exactly the
same thing). <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If I play arbiter, if you swap the contentious word security
for trust, I don’t think the folks writing XRD spec will disagree with
you.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>They have already admitted that subject is mandatory for trusted
XRD (under some trust model is tied to verifying the crypto-signatures).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So they are admitting that subject is required as a security
control, for trusted XRD.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Yes, that implies that there can be no trusted version of
host-meta (if it’s true that the profile mandates that subject is always
missing). I didn’t bother reading any more of the I-D to get to its
security section, since its obscure writing was making me ill.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Not every XRD has to be a trusted XRD.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Presumably, host-meta profiled XRD will use a security mechanism
OTHER than trusted XRD (i.e. signatures). One can guess – knowing IAB
types - there are plans to exploit secure DNS, and tie the authority component of
anything matching the scopes to domain names, which have their own metadata
in the signed DNS resource record (of course).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Santosh Rajan [mailto:santrajan@gmail.com] <br>
<b>Sent:</b> Saturday, October 24, 2009 9:20 PM<br>
<b>To:</b> Peter Williams<br>
<b>Cc:</b> general@openid.net<br>
<b>Subject:</b> Re: [OpenID] Comment on new Draft host-meta<o:p></o:p></span></p>
</div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'>Hey Peter,<o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-left:.5in'>Nice to see you back :-)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'>I can understand your point. I don't
have a problem with host-meta having a "Scope". My problem is that it
can't replace the Subject.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'>I am convinced that any spec that
allows an XRD without a Subject, has a hole in it, big enough to sail an
aircraft carrier through.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'>The reason why the host-meta does
not have a Subject, is not so much because conceptually it does not have one.
On the other hand it is because no one has come up with an agreeable Subject
for everyone. The best one I have seen so far is<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'>&lt;Subject&gt;dns:<a
href="http://example.com">example.com</a>&lt;/Subject&gt;<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:.5in'>I don't see a problem in adding the
above Subject to the host-meta XRD. Now if you "really" need a
&lt;Scope&gt; over and above the &lt;Subject&gt;, I am Ok with that. Even
though I believe a judicious use of a Subject and Aliases will obviate the need
for a Scope.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><o:p> </o:p></p>
<div>
<p class=MsoNormal style='margin-left:.5in'>On Sun, Oct 25, 2009 at 8:58 AM,
Peter Williams &lt;<a href="mailto:home_pw@msn.com">home_pw@msn.com</a>&gt;
wrote:<o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><br>
Santosh:<br>
<br>
Take the first example:-<br>
<br>
&lt;?xml version='1.0' encoding='UTF-8'?&gt;<br>
&lt;XRD xmlns='<a href="http://docs.oasis-open.org/ns/xri/xrd-1.0"
target="_blank">http://docs.oasis-open.org/ns/xri/xrd-1.0</a>'<br>
xmlns:host-meta='<a
href="http://host-meta.net/ns/1.0" target="_blank">http://host-meta.net/ns/1.0</a>'&gt;<br>
<br>
&lt;host-meta:Scope scheme='http' authority='<a
href="http://example.com" target="_blank">example.com</a>' /&gt;<br>
&lt;host-meta:Scope scheme='http' authority='<a
href="http://www.example.com" target="_blank">www.example.com</a>' /&gt;<br>
<br>
&lt;Link&gt;<br>
&lt;Title xml:lang='en-us'&gt;Site
License Policy&lt;/Title&gt;<br>
&lt;Rel&gt;license&lt;/Rel&gt;<br>
&lt;URI&gt;<a
href="http://example.com/license" target="_blank">http://example.com/license</a>&lt;/URI&gt;<br>
&lt;/Link&gt;<br>
&lt;Link&gt;<br>
&lt;Title xml:lang='en-us'&gt;Resource
Descriptor&lt;/Title&gt;<br>
&lt;Rel&gt;describedby&lt;/Rel&gt;<br>
&lt;URITemplate&gt;<a
href="http://meta.example.com?uri=%7buri%7d" target="_blank">http://meta.example.com?uri={uri}</a>&lt;/URITemplate&gt;<br>
&lt;/Link&gt;<br>
&lt;/XRD&gt;<br>
<br>
<br>
If I use my old-for-new interpretation (which uses what I mostly understood<br>
from the XRI model in its era):-<br>
<br>
This XRD has no XRD.subject. This means there is no named<br>
XRI-style-authority bound to this XRD. Ok. So it's an anonymous<br>
XRI-style-authority. (No big deal in graph theory, where anonymous nodes<br>
abound.)<br>
<br>
But, rather than be bound to any named XRI-style-authority, the XRD does<br>
have scope - declared using some IETF-defined XRD extension vocabulary for<br>
scope rules. In my mental model, the scope is a simple identifier class<br>
pattern - that defines a set of XRI-style-authorities to which this XRD is<br>
bound. (In graph theory an inverse functional relation for names bound to<br>
this XRI-style-authority. No big deal.)<br>
<br>
From what I know of the old XRI algebra (and its polyarchical basis),<br>
several named XRI-style-authorities could always share an actual XRD. So, I<br>
don't find the notion of scope being used to bind several XRI-style-authority<br>
to 1 XRD particularly strange. It's an application of the whole
synonym<br>
thing - that made XRI so interesting to start with. (again, none of this is<br>
particularly weird in graph theory, where any node can have n self-referring<br>
arcs with unique names)<br>
<br>
So, the XRD attaches to all XRI-style-authorities (x elementOf X) where any<br>
name/identifier x meets the scope pattern (of which there are 2). The<br>
identifier form of x is an http URI (see scope rules), which (as usual)<br>
have a scheme and URI-authority component (circa 1994). (Nothing hard here,<br>
but a bit of algebra gives us a formal variable to now play with in other<br>
formulae.)<br>
<br>
In the XRD (now implicitly late-bound to probably multiple<br>
XRI-style-authorities meeting the scope patterns) there are two SEPs (sorry,<br>
I MUST learn to say "links").<br>
<br>
One link has a static URI locating copyright metadata, as declared in its<br>
relationship field. I can GUESS that host-meta extension defines some<br>
semantics that declare that the linked metadata (an XRD document, I assume)<br>
applies to any and all XRI-style-authorities x...matching the scope<br>
patterns. (It's a guess, but seems reasonable. If it's right, that was not<br>
hard: here is the copyright file that is incorporated by reference into any<br>
resource whose uri=x, where x satisfied the scope rules)<br>
<br>
Another SEP/link has a URI template. It seems to say: given the uri x<br>
identifying any 1 of the XRI-style-authority matching the scope patterns,<br>
additional metadata about that uri x can be found by querying<br>
<a href="http://meta.example.com?uri=x" target="_blank">http://meta.example.com?uri=x</a>.
(Now that's all Peter's guess, but none of it<br>
seems hard or unreasonable. This is the same model as Henry gave about foaf<br>
metadata describing the URL at which the foaf document bearing the metadata<br>
can be retrieved.)<br>
<br>
Now, I have to say that I found the writing in the internet-draft bizarre,<br>
unapproachable, aloof and overly pseudo-intellectualized.<br>
<br>
The example however speaks for itself and (formal writing issues aside)<br>
seems obvious and useful.<br>
<br>
Now IGNORE my interpretative basis (as it's all wrong, apparently).<br>
Strangely, though, it makes perfect sense - which is far more than RFC's<br>
written introduction did.<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal style='margin-left:.5in'><br>
<br>
<br>
Santosh Rajan wrote:<br>
><br>
> Quoting from<br>
><br>
> <a href="http://www.ietf.org/id/draft-hammer-hostmeta-01.txt"
target="_blank">http://www.ietf.org/id/draft-hammer-hostmeta-01.txt</a><br>
><br>
> "host-meta document SHOULD NOT include the 'Subject' or 'Alias' XRD<br>
> elements since these elements require a valid URI to identify
the<br>
> resource being described, which is not available for the
host-meta<br>
> scope."<br>
><br>
><br>
> Yet you have taken the very same URIs, that should have been in the<br>
> Subject<br>
> and Alias fields to begin with, split them into scheme and authority,<br>
> stuck<br>
> them into a new "Scope" element and embellished it with a new
namespace to<br>
> give it more legitimacy. Logically I don't see any difference from using<br>
> the<br>
> Subject and Alias.<br>
><br>
><br>
> "not available for the host-meta scope" is very different from
"not<br>
> available for the host-meta". You cannot justify ignoring the Subject
of<br>
> the<br>
> XRD, based on its "Scope". The Subject of an XRD is about the
XRD itself<br>
> and<br>
> not its scope.<br>
><br>
><br>
> The host-meta is not some "Thing" that resides in somebody's
backyard, so<br>
> that it cannot have a URI to identify it. As for differentiating the<br>
> host-meta from the actual URL resource, haven't we already done it with<br>
> the<br>
> ".well-known" path? There is no valid justification to ignore
the Subject<br>
> here.<br>
><br>
><br>
> As for your use of "authority", I see a couple of problems using
it.<br>
> 1) "authority" has a "userinfo" part that will break
your usage of it in<br>
> this context.<br>
> 2) URNs do not have an authority part. scheme="acct",<br>
> authority="<a href="http://yahoo.com" target="_blank">yahoo.com</a>"<br>
> is meaningless.<br>
><br>
> --<br>
> <a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br>
><o:p></o:p></p>
</div>
</div>
<p class=MsoNormal style='margin-left:.5in'>>
_______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-general"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
><br>
><br>
> -----<br>
><br>
> Santosh Rajan<br>
> <a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a><br>
><br>
<span style='color:#888888'><br>
--<br>
View this message in context: <a
href="http://www.nabble.com/Comment-on-new-Draft-host-meta-tp26036844p26045022.html"
target="_blank">http://www.nabble.com/Comment-on-new-Draft-host-meta-tp26036844p26045022.html</a><br>
Sent from the OpenID - General mailing list archive at Nabble.com.<br>
<br>
</span><o:p></o:p></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><br>
<br clear=all>
<br>
-- <br>
<a href="http://hi.im/santosh">http://hi.im/santosh</a><br>
<br>
<o:p></o:p></p>
</div>
</div>
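<p class=MsoNormal>An added example, not part of the original messages or of the host-meta draft: it contrasts a string-prefix scope check with a parsed one for the two Scope entries in the thread's example, covering the "userinfo" concern raised above, and expands the describedby template only for URIs that pass. The matching rule follows the interpretation given in the thread, not normative text; the function names and the other.invalid host are assumptions made for illustration.</p>

```python
from urllib.parse import quote, urlsplit

# Scope pairs and URI template copied from the host-meta example in the thread.
SCOPES = [("http", "example.com"), ("http", "www.example.com")]
TEMPLATE = "http://meta.example.com?uri={uri}"


def naive_in_scope(uri, scopes=SCOPES):
    """Weak check: plain string prefix on scheme://authority."""
    return any(uri.startswith(scheme + "://" + auth) for scheme, auth in scopes)


def match_scope(uri, scopes=SCOPES):
    """Strict check: parse the URI, refuse userinfo, compare host[:port] exactly.

    Returns the matching (scheme, authority) pair, or None.
    """
    parts = urlsplit(uri)
    if parts.username is not None or parts.password is not None:
        return None  # userinfo makes the authority ambiguous for scope matching
    try:
        port = parts.port
    except ValueError:
        return None  # malformed port
    host = (parts.hostname or "").lower()
    authority = host if port is None else "%s:%d" % (host, port)
    for scheme, scope_auth in scopes:
        # urlsplit already lower-cases the scheme
        if parts.scheme == scheme and authority == scope_auth.lower():
            return (scheme, scope_auth)
    return None


def describedby_url(uri):
    """Expand the describedby template only for URIs that are strictly in scope."""
    if match_scope(uri) is None:
        raise ValueError("URI is outside the host-meta scope: %r" % uri)
    # Percent-encode everything so the URI cannot add its own query parameters.
    return TEMPLATE.replace("{uri}", quote(uri, safe=""))


# Constructed sample URIs; other.invalid is a placeholder host.
SAMPLES = [
    "http://example.com/license",
    "http://EXAMPLE.com/license",
    "http://example.com@other.invalid/",
    "http://example.com.other.invalid/",
    "https://example.com/",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "naive:", naive_in_scope(uri), "strict:", match_scope(uri))
```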
</body>
</html>