[Specs-cx] Intro. to the concept behind CX

[Nat Sakimura]

=hdknr is busily preparing the initial document for the current thought now
(which is going to be submit around Wednesday), but I will start introducing
concept here little by little. (I thought of using wiki.openid.net but I did
not know whether I can control the edits so that we do not get exposed to
IPR pollution, so I am doing it here.)

The main concept of the Contract Exchange is to exchange the public key
signed contract among “parties”. Basic model calls for two parties, with two
additional signatories. Under current situation, Signatories are typically
servers/services.

There will be a contract proposal (offer) on the table to start with. It is
signed by the Offerer. The signature achieves two things:

1) Non-repudiation: The offerer really made the offer.
2) Integrity: The accepting party cannot change the offer.

Once the accepting party reads the offer and agrees to it, the contract is
established, and to signify it, the accepting party will counter-sign the
document.

That’s all what it does.
It could subsequently be used as a token to obtain further data or service,
i.e., just like an Access Token of OAuth.

The protocol that we have been talking at various venues (such as IIW) is
actually very simple. It is almost a simplified version of OAuth with a bit
of  tweaks.

So, now you understand: There are two important parts in CX.

1) Contract Format
2) Protocol to exchange signed contract.

Of the two, 2) is actually easier, as I mentioned above.

In the following posts, I will talk about each.


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-cx/attachments/20090608/731f9c81/attachment.htm>