XRD Provisioning

From IIW

Tuesday – 1 - G

Conference: IIW 10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener: Jared Hanson

Notes-taker(s): Jared Hanson

A. Tags for the session - technology discussed/ideas considered:


B. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Links: http://xrdprovisioning.net

Topics: How to identify the link?

  • use the xml:id attribute or the href:type:rel tuple
  • href:type:rel should be good enough but xml:id is the purist solution
  • consensus to use the xml:id to identify the link rather than matching the href:type:rel tuple
  • the POST of the <Link> can request a particular xml:id but the service can override the xml:id and return it to the caller

Ownership of who is allowed to update which links

  • Use OAuth to protect the REST APIs
  • proposal to add an extension element "dc:owner" to the actual link element

Is there a need to identify what the protection mechanism is?

  • maybe a separate doc to map to HTTP Basic or OAuth
  • leverage the WWW-Authenticate header to identify how the

Need to make sure that an attacker CAN NOT update someone else's <Link>

  • this is a critical security requirement

Request to support a form-encoding mode for simple addition of links

  • only support for limited <Link> elements

JRD should be out of scope for now

  • eventually make it an optional encoding

Define a rel type to represent a visual editor for the XRD

  • defines a relationship between the user and their user management page