atom feed27 messages in org.oasis-open.lists.xriRe: [xri] trusted discovery workflow
FromSent OnAttachments
Brian EatonDec 4, 2008 8:36 am 
Dirk BalfanzDec 4, 2008 10:01 am 
Brian EatonDec 4, 2008 11:33 am 
Dirk BalfanzDec 4, 2008 11:59 am 
Drummond ReedDec 4, 2008 12:05 pm 
Brian EatonDec 4, 2008 2:20 pm 
Brian EatonDec 4, 2008 4:50 pm 
Nat SakimuraDec 4, 2008 10:57 pm 
Drummond ReedDec 4, 2008 11:09 pm 
Ben LaurieDec 5, 2008 5:00 am 
Brian EatonDec 5, 2008 7:40 am 
Brian EatonDec 5, 2008 7:40 am 
Eran Hammer-LahavDec 5, 2008 8:33 am 
Eran Hammer-LahavDec 5, 2008 8:36 am 
Peter DavisDec 5, 2008 8:49 am 
Brian EatonDec 5, 2008 9:33 am 
Eran Hammer-LahavDec 5, 2008 9:46 am 
Brian EatonDec 5, 2008 9:57 am 
Eran Hammer-LahavDec 5, 2008 10:24 am 
Ben LaurieDec 5, 2008 10:53 am 
John BradleyDec 5, 2008 10:59 am 
Breno de MedeirosDec 5, 2008 11:09 am 
Ben LaurieDec 5, 2008 12:27 pm 
Breno de MedeirosDec 5, 2008 1:12 pm 
Brian EatonDec 5, 2008 2:38 pm 
Sakimura NatDec 5, 2008 11:01 pm 
Eran Hammer-LahavDec 5, 2008 11:35 pm 
Subject:Re: [xri] trusted discovery workflow
From:Dirk Balfanz (balf@google.com)
Date:Dec 4, 2008 10:01:03 am
List:org.oasis-open.lists.xri

Hi Brian,

thanks for putting this up. A few comments:

- it would be nice if you stated explicitly what the inputs and outputs of the algorithm are. I believe they are the following:

input: (Reference R, KeyIdentifier currentAuthority) output: Reference (is Null if trust cannot be established)

- currentReference is never used inside the loop

- the terms you're defining, and the algorithm you're giving, are so abstract that it's hard to find any fault with it. So I'm going to speculate on some of the incarnations of this stuff and see whether what you're saying still makes sense.

(1) How do we get the Authoritative Key for a reference before dereferencing it? If R is some document then I can imagine that it can list the identifier of the authoritative key for the next reference in the discovery chain. But what if R is, say, the email address "bo@foo.com". We imagine that this email address points (in some yet-to-be-defined way) to the next reference in the discovery chain (which eventually leads to the metadata about this email address). But it cannot tell us what its authoritative key is. Wouldn't it be more natural to assume that authenticated references (of which "bo@foo.com" is not an example) are signed, and that we check whether the key used to sign them is authoritative? So you would have a procedure that, when we find an authenticated reference, goes _back_ and makes sure that the key used to sign the authenticated reference is in fact authoritative; as opposed to assuming that we can find (or at least name) an authoritative key _before_ we dereference a reference.

(2) Could we simplify the algorithm by assuming that authentication means delegation? I.e., if I don't want to delegate to a different authority, I don't sign my reference. If I _do_ want to delegate, then I sign it. And the place I'm forwarding to _is_ the authority to which I'm delegating.

Putting these two things together, how about something like this:

fuction(Reference R) returns Reference:

int MAX_ITERATIONS = the maximum number of hops you wish to follow before giving up Reference lastAuthenticatedReference = R for (iteration = 0; iteration < MAX_ITERATIONS; ++iteration) if R is Null // Discovery has failed return Null

if R is authenticated Key K = key_used_to_sign(R) if K is NOT authoritative for lastAuthenticatedReference // trust verification failed return Null

// are we done? if R has metadata of type T return R

// authentication succeeded, but we haven't found our metadata yet. // authentication means delegation lastAuthenticatedReference = R

R = followReference(R, T)

I don't know - at this point things are so abstract that it's hard to tell which one is better - but I have a feeling that it might be easier to do "if K is NOT authoritative for lastAuthenticatedReference" than it is to do "currentAuthority = nextR.delegatedAuthority"

Dirk.

On Thu, Dec 4, 2008 at 8:37 AM, Brian Eaton <bea@google.com> wrote:

I've put a proposal for a discovery work flow that results in a trusted document on the wiki. Comments and criticism most welcome:

http://wiki.oasis-open.org/xri/XrdOne/TrustWorkflow