[OpenID] Signing method for XRD

Thu Jun 11 05:01:55 UTC 2009

I proposed something I called XML-RSig for similar reasons a few years  
ago:
	http://netmesh.info/jernst/Technical/really-simple-xml-signatures.html

"RSig" for "Really simple Signature".

The trouble for OpenID and XRD and so forth is that it is not our core  
competency -- and shouldn't be -- to innovate around things that  
really aren't our business. Signing XML documents isn't our business.

On the other hand, the people whose business it should be somehow seem  
to be asleep at the wheel, as the problems are well-known and somehow  
aren't being addressed, and haven't for years.

It seems to me that the best way out of this conundrum is:
1. to foresee, architecturally, the use of several different ways of  
constructing signatures, as the matter clearly isn't settled
2. to make sure that high-end approaches (like XML-DSIG) work well,  
but low-end approaches (like XML-RSIG) work just as well
3. to maintain a best practices document that says "today, choice X is  
your best bet, and we say that because based on our market research, X  
has the highest market share in terms of implementors today."

As we all know, any problem in computer science can be solved by  
adding a level of indirection. This may well be one of those cases.

Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090610/a26dbdca/attachment-0004.gif>
-------------- next part --------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090610/a26dbdca/attachment-0005.gif>
-------------- next part --------------
  http://netmesh.info/jernst