[higgins-dev] Re: IdAS Registry and XRI Ad hoc conf call #2

I’m forwarding the following email on Drummond’s behalf:

Jim,

From everything I know so far (which isn’t enough ;-), I think your analysis is correct, and Andy correctly identified that the two-step XRI resolution pattern is the one you need.

In the first step, you want a Higgins CID (context identifier) to be resolvable (when represented as an XRI) to an XRDS that describes metadata about that CID. This CID description metadata could then optionally include a second XRI representing a specific set of configuration metadata, which can be resolved to obtain (and cache) a copy of that configuration metadata.

The precedent we’ve seen for this is the use of SAML authentication for identities represented with XRIs. The original XRI, say =drummond, is resolved to an XRDS document with a SAML authentication service endpoint (itself identified with the XRI “xri://+i-service*(+metadata)*(+saml)*($v*1.0)” as documented at http://iss.xdi.org/moin.cgi/IserviceEndpointDefinitions).

This service endpoint block in the XRDS in turn contains a ProviderID element with an XRI identifying the SAML authentication service provider (example: xri://@2idi or xri://@!23a7.c58d.4307.dd3a). An application consuming a SAML authentication service endpoint would then know to resolve the ProviderID XRI to obtain another XRDS with a service endpoint for the SAML authentication service provider’s SAML metadata (this service is identified with the XRI “xri://+i-service*(+metadata)*(+saml)*($v*1.0)”, also as documented at http://iss.xdi.org/moin.cgi/IserviceEndpointDefinitions). The URI element of this service is the current location of the SAML metadata document for that SAML authentication service provider, which can then be retrieved directly over https.

Applications consuming SAML authentications know to cache the SAML metadata document once they retrieve it because it won’t change very often (and contains its own cache control metadata), so resolution of the second XRI to obtain the URI for the SAML metadata document only has to be done once for each new SAML authentication service provider.

I’d say the same pattern applies here: applications consuming Higgins CIDs would only need to retrieve the second XRI describing the context configuration metadata once for each new context configuration and then cache it, updating the cache as necessary after that.

Hope this helps. (Note that I’m hopping on a plane this afternoon and will be sporadic on email until Monday.)

Best,

=Drummond
206.364.0992 office
206.618.8530 cell
drummondreed skype
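The two-step resolution pattern described in the message above, as an added example that is not code from this thread or from the Higgins or XRI projects. It assumes a stub resolver returning constructed XRDS documents, and the authentication i-service Type XRI is a placeholder; only the SAML metadata Type and the ProviderID value come from the message.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"
XRDS_NS = "xri://$xrds"
# Type XRI of the SAML metadata i-service, as quoted in the message.
SAML_METADATA_TYPE = "xri://+i-service*(+metadata)*(+saml)*($v*1.0)"
# Placeholder for the SAML authentication i-service Type (assumption, not a real value).
AUTH_TYPE = "xri://+i-service*(+PLACEHOLDER-authn)*($v*1.0)"

def xrds(services):
    """Build a minimal constructed XRDS document from (type, provider_id, uri) tuples."""
    body = "".join(
        f"<Service><Type>{t}</Type>"
        + (f"<ProviderID>{p}</ProviderID>" if p else "")
        + (f"<URI>{u}</URI>" if u else "")
        + "</Service>"
        for t, p, u in services)
    return f'<xrds:XRDS xmlns:xrds="{XRDS_NS}" xmlns="{XRD_NS}"><XRD>{body}</XRD></xrds:XRDS>'

# Stand-in for a real XRI resolver (XRI -> XRDS text); both documents are constructed.
FAKE_RESOLVER = {
    "=drummond": xrds([(AUTH_TYPE, "xri://@!23a7.c58d.4307.dd3a", None)]),
    "xri://@!23a7.c58d.4307.dd3a": xrds([
        (SAML_METADATA_TYPE, None, "https://idp.example/saml-metadata.xml")]),
}
resolve_calls = []   # every resolver lookup, so caching behaviour can be checked
metadata_cache = {}  # ProviderID XRI -> metadata URI; step two runs once per provider

def service_of_type(xrds_text, type_xri):
    """Return the first <Service> in the XRDS whose <Type> matches, or None."""
    root = ET.fromstring(xrds_text)
    for svc in root.iter(f"{{{XRD_NS}}}Service"):
        if type_xri in [t.text for t in svc.findall(f"{{{XRD_NS}}}Type")]:
            return svc
    return None

def saml_metadata_uri(identity_xri):
    """Step one: identity XRI -> auth endpoint's ProviderID; step two: provider -> metadata URI."""
    resolve_calls.append(identity_xri)
    svc = service_of_type(FAKE_RESOLVER[identity_xri], AUTH_TYPE)
    if svc is None:
        raise LookupError("no SAML authentication service endpoint in XRDS")
    provider = svc.findtext(f"{{{XRD_NS}}}ProviderID")
    if provider not in metadata_cache:  # second resolution only once per new provider
        resolve_calls.append(provider)
        meta = service_of_type(FAKE_RESOLVER[provider], SAML_METADATA_TYPE)
        if meta is None:
            raise LookupError("provider publishes no SAML metadata service endpoint")
        metadata_cache[provider] = meta.findtext(f"{{{XRD_NS}}}URI")
    return metadata_cache[provider]
```

A real deployment would fetch the metadata document over https from the returned URI and honour its own cache-control metadata, as the message notes.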
