I'll make a note to give this section another read and consider how to make it
more accessible. Thanks for giving the spec a full read.
-- Mike
-----Original Message-----
From: specs <[email protected]> On Behalf Of Mike Schwartz
Sent: Saturday, June 9, 2018 1:24 PM
To: [email protected]
Subject: Comment on OpenID Federation Spec: Mystical Metadata Statements?
I have no idea what section 3.4.1 is telling me... and it's the heart of this
spec. Granted, I'm not a mathematician. But am I the only one who finds this
conceptually a little unclear? Is it's lack of comprehensibility just not a
problem in this case? And if so, is "Basic"
the right term for the title?
Also, please remove the "simple" from this section. If you're trying to say
it's simple for marketing reasons, it's not working.
(Section 3.4.1 copied below for convenience)
- Mike Schwartz
Gluu
3.4.1. Basic Components
To describe Compounded Metadata Statements, we need a way of describing the
different components in such a statement. These are the basic
components:
ms_X
Metadata Statement signing request by X without signing keys and signed
metadata statements.
SK[X]
Signing keys that belong to X
X(MS)
Metadata Statement signed by X
A(ms_B + SK[B])
Using these basic components, we can now describe a simple signed Metadata
Statement as:
(ms_C + SK[C])
(ms_C + SK[C] + A(ms_B + SK[B]))
Creating a compounded metadata statements involves adding previously signed
metadata statements to the request before signing it. So, if we start off with
C sending this signing request to B,
B(ms_C + SK[C) + A(ms_B + SK[B]))
This is the resulting compounded metadata statement:
Note that the level N requester is the level N+1 signer.
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
