Pete Rowley wrote:

John Merrells wrote:

Does it have to be resolvable? Well it's optional whether the Membersite fetches the Persona Page at the end of the Persona URL to check for the Delegation Tag to ensure that the Homesite stated in the fetch-response message really has been delegated authority to authenticate that Persona URL....


Isn't it the _user_ that delegates that authority by providing the homesite-url in the first place? And hasn't the membersite shown its willingness to do so by actually performing

ack s/membersite/homesite/

the function? And the proof that it did in fact perform the function is the next part of the verification process - ensuring it sent the fetch-response message.

Interesting question... Do you have a cunning idea that motivated that? Perhaps a use case for the DIX Use Case ID?


I am looking at how a DMD1 homesite can be implemented using an external data source / identity authority (say, an LDAP directory server) using existing HTTP server features (Apache). So purely from that viewpoint I would like to avoid having to have a file for each "persona".

The Homesite can ask the user for self asserted attribute values.

It's up to the Membersite whether self asserted attribute values or third party asserted attribute values are acceptable. It does this in the fetch request by listing the properties it requires... self asserted and third party asserted have different names.

Different names? So, are you saying the sxip#1 capabilities only come from sxip and if I want to supply say, a user first name, from some other authority I would need to name the property differently?



_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix


--
Pete
