Key Discovery In DTP Draft 3
Recordon, David
drecordon at verisign.com
Fri Jan 5 06:06:54 UTC 2007
Hey guys,
Was looking at
http://openid.net/specs/openid-service-key-discovery-1_0-01.html tonight
and curious why the decision was made to define the <PublicKey />
element which contains a link to the RSA key or X.509 certificate versus
embedding the key in the XRDS file?
From the research I've done tonight, it looks like the W3C in 2002
described how to do this as part of xmldsig. Seems like we can just use
the <KeyInfo> element.
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-KeyInfo
They've also then recently put out a note describing the changes to that
document to match XML in 2006.
http://www.w3.org/TR/2006/NOTE-DSig-usage-20061220/
Is there something that I'm missing from the design standpoint as to why
this wasn't done? If anything, it seems like it would reduce a fetch if
the key was in the XRDS file itself.
--David
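
An added example (not part of the original message or the draft) of how a consumer could read an RSA key from a `<ds:KeyInfo>` carried inside the XRDS document itself, so that no second fetch is needed. Placing `KeyInfo` inside `Service`, the `Type` URI, and all function names are assumptions of this example; the modulus is a constructed placeholder, not a real key.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#", "xrd": "xri://$xrd*($v*2.0)"}

def b64int(i):
    """Encode an integer as an xmldsig CryptoBinary (base64 of big-endian octets)."""
    return base64.b64encode(i.to_bytes((i.bit_length() + 7) // 8, "big")).decode()

def sample_xrds(n, e=65537):
    """Constructed XRDS; ds:KeyInfo inside Service is this example's assumption."""
    return f"""<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="{NS['xrd']}" xmlns:ds="{NS['ds']}">
  <XRD><Service>
    <Type>http://example.com/hypothetical-key-type</Type>
    <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
      <ds:Modulus>{b64int(n)}</ds:Modulus>
      <ds:Exponent>{b64int(e)}</ds:Exponent>
    </ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
  </Service></XRD>
</xrds:XRDS>"""

def _cryptobinary(text):
    """Decode a CryptoBinary element's text to an integer, strictly."""
    if not text or not text.strip():
        raise ValueError("missing RSA parameter")
    raw = base64.b64decode("".join(text.split()), validate=True)
    return int.from_bytes(raw, "big")

def embedded_rsa_keys(xrds_text, min_bits=2048):
    """Return [(service_type, modulus, exponent)] for Services with an RSAKeyValue."""
    # Discovery documents are untrusted input: refuse DTDs and entity declarations.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD not allowed in discovery documents")
    root = ET.fromstring(xrds_text)
    keys = []
    for svc in root.iterfind(".//xrd:Service", NS):
        rsa = svc.find("ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue", NS)
        if rsa is None:
            continue  # this Service carries no embedded key
        n = _cryptobinary(rsa.findtext("ds:Modulus", namespaces=NS))
        e = _cryptobinary(rsa.findtext("ds:Exponent", namespaces=NS))
        if n.bit_length() < min_bits or e < 3 or e % 2 == 0:
            raise ValueError("weak or malformed RSA key")
        keys.append((svc.findtext("xrd:Type", namespaces=NS), n, e))
    return keys

if __name__ == "__main__":
    # (1 << 2047) | 1 is a 2048-bit placeholder value, not a usable modulus.
    for svc_type, n, e in embedded_rsa_keys(sample_xrds((1 << 2047) | 1)):
        print(svc_type, n.bit_length(), e)
```

An embedded key is only as trustworthy as the channel and checks used to obtain the XRDS document itself.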