Comment on OpenID Federation Spec: Mystical Metadata Statements?
Mike Jones
Michael.Jones at microsoft.com
Mon Jun 11 22:37:22 UTC 2018
I'll make a note to give this section another read and consider how to make it more accessible. Thanks for giving the spec a full read.
-- Mike
-----Original Message-----
From: specs <openid-specs-bounces at lists.openid.net> On Behalf Of Mike Schwartz
Sent: Saturday, June 9, 2018 1:24 PM
To: openid-specs at lists.openid.net
Subject: Comment on OpenID Federation Spec: Mystical Metadata Statements?
I have no idea what section 3.4.1 is telling me... and it's the heart of this spec. Granted, I'm not a mathematician. But am I the only one who finds this conceptually a little unclear? Is its lack of comprehensibility just not a problem in this case? And if so, is "Basic" the right term for the title?
Also, please remove the "simple" from this section. If you're trying to say it's simple for marketing reasons, it's not working.
(Section 3.4.1 copied below for convenience)
- Mike Schwartz
Gluu
3.4.1. Basic Components
To describe Compounded Metadata Statements, we need a way of describing the different components in such a statement. These are the basic components:
ms_X
Metadata Statement signing request by X without signing keys and signed metadata statements.
SK[X]
Signing keys that belong to X
X(MS)
Metadata Statement signed by X
Using these basic components, we can now describe a simple signed Metadata Statement as:
A(ms_B + SK[B])
Creating a compounded metadata statement involves adding previously signed metadata statements to the request before signing it. So, if we start off with C sending this signing request to B,
(ms_C + SK[C])
(ms_C + SK[C] + A(ms_B + SK[B]))
This is the resulting compounded metadata statement:
B(ms_C + SK[C] + A(ms_B + SK[B]))
Note that the level N requester is the level N+1 signer.
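The nesting in the quoted section 3.4.1, B(ms_C + SK[C] + A(ms_B + SK[B])), worked through as an added example that is not part of the thread or the spec. It assumes a verifier that trusts only A's key; toy textbook RSA stands in for the real signature scheme, and the field names `signer`, `payload`, `sig`, `inner`, `ms` and `SK` are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Textbook RSA from two known primes (toy stand-in for a real signing key)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(payload, n):
    data = json.dumps(payload, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(signer, n, d, payload):
    """X(MS): payload plus the signer's name and signature over the payload."""
    return {"signer": signer, "payload": payload, "sig": pow(digest(payload, n), d, n)}

def unpack(stmt, root, root_n):
    """Return stmt's payload only if its signature chain ends at the trusted root key."""
    signer, payload = stmt["signer"], stmt["payload"]
    if signer == root:
        key = root_n
    else:
        if "inner" not in payload:
            raise ValueError("chain does not reach the trusted root")
        vouched = unpack(payload["inner"], root, root_n)  # e.g. A(ms_B + SK[B])
        if vouched["ms"]["name"] != signer:
            raise ValueError("level N requester is not the level N+1 signer")
        key = vouched["SK"]  # SK[B], trusted because A signed it
    if pow(stmt["sig"], E, key) != digest(payload, key):
        raise ValueError("bad signature by " + signer)
    return payload

# Constructed keys from Mersenne primes; far too small and unpadded for real use.
A_N, A_D = keypair(2**61 - 1, 2**89 - 1)
B_N, B_D = keypair(2**107 - 1, 2**127 - 1)
C_N, _ = keypair(2**89 - 1, 2**107 - 1)

def build_chain():
    a_of_b = sign("A", A_N, A_D, {"ms": {"name": "B"}, "SK": B_N})  # A(ms_B + SK[B])
    request = {"ms": {"name": "C"}, "SK": C_N, "inner": a_of_b}     # ms_C + SK[C] + A(...)
    return sign("B", B_N, B_D, request)  # B(ms_C + SK[C] + A(ms_B + SK[B]))

if __name__ == "__main__":
    trusted = unpack(build_chain(), "A", A_N)
    print(trusted["ms"]["name"], "key accepted:", trusted["SK"] == C_N)
```

The verifier starts with A's key alone: it learns SK[B] from the inner statement A signed, then uses SK[B] to check the outer statement that carries SK[C].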