
List:       openid-general
Subject:    Re: [OpenID] XRIs for authenticating non people "resources"
From:       "Gabe Wachob" <gwachob () wachob ! com>
Date:       2008-04-14 17:42:17
Message-ID: a813249a0804141042m454bec5cidb64d068254f7fa4 () mail ! gmail ! com

Peter-
  I'm not aware of this sort of use now, but we've talked about
embedding all sorts of information in XRIs for years (whether or not
that's a good idea is probably a longer discussion). As an
example, we have discussed the concept of "self-authenticating"
identifiers way back in 2003: (in the footnote):
http://lists.oasis-open.org/archives/xri/200304/msg00062.html (ugly
formatting - yech)

   I'd be interested in seeing folks play around with this stuff -
with the caveat that creating islands of interoperability may go
against the main thrust of the intent of OpenID...

    -Gabe

On Mon, Apr 14, 2008 at 10:12 AM, Peter Williams
<pwilliams@rapattoni.com> wrote:
> 
> 
> Wanting to discover the practical limits of where it's reasonable to go (in
> what timeframe) with XRI in OpenID2, I noted in the Wikipedia XRI article
> certain XRI examples that do NOT denote people.
> 
> xri://broadview.library.example.com/(urn:isbn:0-395-36341-1)/(+hardcover)
> xri://broadview.library.example.com/(urn:isbn:0-395-36341-1)/(+softcover)
> xri://broadview.library.example.com/(urn:isbn:0-395-36341-1)/(+reference)
> 
> As I could not see any limits imposed on XRI name forms in OpenID2 specs, I
> wondered about applying the notion to US realty infrastructure issues.
> 
> In US realty, we have the data on a couple of billion current and historical
> listings (your homes and offices for sale, rent...) that are today
> referenced by a URL. Yes, of course, lots of people are then linked to those
> listing records (the agents, the interested parties, the buyers and sellers
> and the N other professionals to be used in closing residential market
> 6-figure transaction ..., and then all the SSO links to those N
> professionals' banking/insurance/recording/brokering management systems. The
> control system for distributing the attribute schema, attribute and object
> metadata and the identities of the management authorities is all run in a
> pure peer-peer model today (i.e. 100% distributed as PRMDs, to use an
> ancient ISO term), where each local authority is represented by the
> domain-name address of the server endpoint.
> 
> If I wanted to now make a directory forest of all the authorities (vs the
> listings), I suppose I'm really rebuilding the classical ActiveDirectory
> forest of forests model. I'm guessing it would be appropriate to exploit the
> form of cross-referencing XRIs given above. For each city's listing service,
> xri://nationalmls.com, the embedded URI in parentheses could be today's
> (fully qualified) query-based URL to a particular listing authority, making
> such as a
> 
> xri://nationalmls.com/(http://demo.crt.realtors.org:6103/rets/search?Class=ResidentialProperty&Format=XML&Limit=1&Query=%28LN%3d0%2b%29&QueryType=DMQL2&SearchType=Property&StandardNames=0)
>  
> (Obviously, the query and querytype could easily be SPARQL instead of DMQL2,
> for greater interoperability with the web mashup world.)
> 
> If I wanted to reference the very framework for the web of trust for a
> peer-peer "trusted naming graph" representing those authorities' actual
> reciprocal/data-sharing arrangements, it could presumably take such form
> such as
> 
> xri://nationalmls.com/(urn:inet?url=http://localmls.com/rets/foaf/wotont.rdf&parsetype=rdf)/
> 
> Now that URN doesn't exactly look well formed, even if legal syntax. On the
> basis that I can similarly embed javascript (via data protocol encoding),
> presumably I can go one step further and just put code in the XRI name too,
> indirectly referencing private class namespaces that understand my private
> web protocol.
> 
> 
> xri://nationalmls.com/(data:text/xml;base64,bmV3IENPTS5SQVBBVFRPTkkuUmFwTUxTLkRhdGFTb3VyY2UoImluZXQ/dXJsPWh0dHA6Ly9sb2NhbGhvc3Q6NzA1Ni9yZXRzL2ZvYWYvd290b250LnJkZiZwYXJzZXR5cGU9cmRmIik=)
>  
> As long as the trusted resolver mode of XRI is being used in the OpenID2
> handshake, we could arrange for an Authenticode-like basis for accrediting
> the source of the javascript built into the name form. Obviously, runtime
> classes can be easily digitally signed these days for online-distribution,
> limiting their runtime privileges as appropriate. Appropriate encoding of
> this URI would be required of course, mitigating XSS vulnerabilities.
> 
> Anyone doing anything like this with XRI and OpenID? There may be
> opportunity to run a simple gateway for us, to experiment with the praxis of
> XRI cross-referencing as a means of implementing "forest of forest" trust
> models in OpenID2.
> _______________________________________________
> general mailing list
> general@openid.net
> http://openid.net/mailman/listinfo/general
> 
> 



-- 
Gabe Wachob / gwachob@wachob.com \ http://blog.wachob.com

The ideas in this email: [ ] I freely license [X] Ask first [ ] May
be subject to patents
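
Added illustration, not part of the original thread and not code from any OpenID or XRI library: a relying party that accepts XRIs with parenthesized cross-references can extract each embedded identifier and refuse schemes able to carry code, such as the data: form discussed in the quoted message. The scheme allowlist, the function names and the sample identifiers are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Example policy only (an assumption, not taken from the XRI or OpenID specs).
ALLOWED_SCHEMES = {"urn", "http", "https"}
ACTIVE_SCHEMES = {"data", "javascript", "vbscript"}  # can carry script or markup
GCS_CHARS = "=@+$!"  # XRI global context symbols, as in (+hardcover)

def cross_references(xri):
    """Return the body of every top-level (...) cross-reference in an XRI."""
    refs, depth, start = [], 0, 0
    for i, ch in enumerate(xri):
        if ch == "(":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == ")":
            if depth == 0:
                raise ValueError("unbalanced ')' in XRI")
            depth -= 1
            if depth == 0:
                refs.append(xri[start:i])
    if depth:
        raise ValueError("unbalanced '(' in XRI")
    return refs

def classify(xref):
    """Label one cross-reference by what it embeds."""
    decoded = unquote(xref).strip()  # decode once so d%61ta: is seen as data:
    if decoded and decoded[0] in GCS_CHARS:
        return "tag"
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", decoded)
    if not m:
        return "unknown"
    scheme = m.group(1).lower()
    if scheme in ACTIVE_SCHEMES:
        return "active-content"
    return "allowed" if scheme in ALLOWED_SCHEMES else "unknown"

def accept(xri):
    """True only if every cross-reference is a tag or an allowlisted scheme."""
    return all(classify(r) in ("tag", "allowed") for r in cross_references(xri))

if __name__ == "__main__":
    # Constructed samples modelled on the name forms in the thread.
    for s in ("xri://broadview.library.example.com/(urn:isbn:0-395-36341-1)/(+hardcover)",
              "xri://nationalmls.com/(data:text/xml;base64,AAAA)"):
        print(accept(s), [(r, classify(r)) for r in cross_references(s)])
```

Percent-encoded parentheses (%28, %29) inside an embedded URL do not affect the balance check, because extraction runs on the raw identifier and decoding happens only when the scheme is read.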