XRD as of July 22.


According to the current XRI TC discussion, XRD is looking like this.

<xrd>
    <Subject set="beginswith">...</Subject>
    <Alias>...</Alias>
    <KeyDescriptor use="*">
        <ds:KeyInfo>
           ...
        </ds:KeyInfo>
    </KeyDescriptor>
    <ds:Signature>
        <ds:KeyInfo>
           ...
        </ds:KeyInfo>
    </ds:Signature>
    <link>
        <rel>...</rel>
        <uri>...</uri>
        <Subject>...</Subject>
        <ds:KeyInfo>
           ...
        </ds:KeyInfo>
    </link>
</xrd>

Description

xrd/Subject : Type=URI. Subject Identifier or portion of Subject Identifier. CanonicalID in XRDS.

xrd/Subject/@set : (Optional) Can be set to “beginswith” to signify that the URI is only partial and that the Subject Identifier begins with this string.

xrd/Alias: Alias URI for the Subject.

xrd/KeyDescriptor: Wrapper element for ds:KeyInfo for the Subject.

xrd/KeyDescriptor/@use : Specifies the usage of the KeyInfo, e.g., Signature, Encryption, etc.

xrd/ds:Signature: Expresses the Signatory and the Signature over this XRD.

xrd/link: Shows the relationship that this Subject perceives toward another subject.

xrd/link/Subject: the Subject of the linked XRD.

xrd/link/ds:KeyInfo: has the public key of the Signatory of the Subject of the linked XRD. The linked XRD will be signed by the private key that corresponds to this public key, so users can verify that the link is actually the intended one.
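
The checks that the xrd/link description implies for a consumer, as an added example (not code from the XRI TC draft or from this post): the linked XRD's Subject must cover xrd/link/Subject, honouring set="beginswith", and the key in its ds:Signature must be the one pinned in xrd/link/ds:KeyInfo. The sample documents, the rel value, the use of ds:X509Certificate inside KeyInfo and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted XML

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace
# Constructed samples following the sketch; the key text is a placeholder.
PARENT_XRD = """<xrd xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Subject>http://alice.example/</Subject>
  <link>
    <rel>http://example.org/rel/provider</rel>
    <uri>http://idp.example/xrd</uri>
    <Subject>http://idp.example/users/alice</Subject>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </link>
</xrd>"""
LINKED_XRD = """<xrd xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Subject set="beginswith">http://idp.example/users/</Subject>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate> Q09OU1RSVUNURUQ= </ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</xrd>"""

def subject_covers(xrd, identifier):
    """True if the XRD's Subject equals the identifier or is a declared prefix of it."""
    s = xrd.find("Subject")
    value = (s.text or "").strip() if s is not None else ""
    if not value:
        return False  # an empty Subject must never match everything
    if s.get("set") == "beginswith":
        return identifier.startswith(value)
    return identifier == value

def key_material(keyinfo):
    """Text content of a ds:KeyInfo with all whitespace removed ('' if absent)."""
    return "".join("".join(keyinfo.itertext()).split()) if keyinfo is not None else ""

def check_link(parent_xml, linked_xml, rel):
    parent, linked = ET.fromstring(parent_xml), ET.fromstring(linked_xml)
    for link in parent.findall("link"):
        if (link.findtext("rel") or "").strip() != rel:
            continue
        expected = (link.findtext("Subject") or "").strip()
        pinned = key_material(link.find(DS + "KeyInfo"))
        signer = key_material(linked.find(DS + "Signature/" + DS + "KeyInfo"))
        if not subject_covers(linked, expected):
            return "subject-mismatch"
        if not pinned or pinned != signer:
            return "key-mismatch"
        # "ok" = subject and pinned key agree; the ds:Signature itself must
        # still be validated against the pinned key with an XML-DSig library.
        return "ok"
    return "no-link"
```
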

Discussion Points

  1. Do we really need KeyDescriptor?
  2. Do we really need xrd/link/Subject? Would not xrd/link/uri suffice?

About The Author

Has been working on Digital Identity since 2000. Co-author of various identity-related specifications like OpenID Connect, JSON Web Token. Chair of the OpenID Foundation (2011-), Vice Chair of the OpenID Foundation (2010), Founder of OpenID Foundation Japan (2008-), Trustee of Kantara Initiative (2009-).