XRD Provisioning
Tuesday – 1 - G
Conference: IIW 10 May 17-19, 2009
Convener: Jared Hanson
Notes-taker(s): Jared Hanson
A. Tags for the session - technology discussed/ideas considered:
B. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Links: http://xrdprovisioning.net
Topics: How to identify the link?
- use the xml:id attribute or the href:type:rel tuple
- href:type:rel should be good enough but xml:id is the purist solution
- consensus to use the xml:id to identify the link rather than matching the href:type:rel tuple
- the POST of the <Link> can request a particular xml:id but the service can override the xml:id and return it to the caller
Ownership of who is allowed to update which links
- Use OAuth to protect the REST APIs
- proposal to add an extension element "dc:owner" to the actual link element
Is there a need to identify what the protection mechanism is?
- maybe a separate doc to map to HTTP Basic or OAuth
- leverage the WWW-Authenticate header to identify how the
Need to make sure that an attacker CAN NOT update someone else's <Link>
- this is a critical security requirement
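One way a provisioning service could combine the two decisions above (a link is identified by its xml:id, and only its owner may update it), as an added example that is not from the session or the XRD Provisioning draft. The `LinkStore` class, the `caller` argument (standing for the principal the OAuth layer authenticated) and the sample links in the comments are assumptions.

```python
import secrets
import xml.etree.ElementTree as ET

XML_ID = "{http://www.w3.org/XML/1998/namespace}id"  # ElementTree name for xml:id


class Forbidden(Exception):
    """Caller is not the owner of the addressed <Link>."""


class LinkStore:
    """Hypothetical in-memory stand-in for one XRD's provisioned <Link> elements."""

    def __init__(self):
        self._links = {}  # xml:id -> (owner, Element)

    def post(self, caller, link_xml):
        """Add a <Link>; return the xml:id the service actually assigned."""
        # Untrusted XML: a real service would also cap entity expansion and size.
        link = ET.fromstring(link_xml)
        link_id = link.get(XML_ID)  # the id the client asked for, if any
        # Honour the request only if that id is free; otherwise override it,
        # so a POST can never land on (and replace) an existing link.
        while not link_id or link_id in self._links:
            link_id = "link-" + secrets.token_hex(4)
        link.set(XML_ID, link_id)
        # Owner is the authenticated caller, never a value from the request body.
        self._links[link_id] = (caller, link)
        return link_id

    def put(self, caller, link_id, link_xml):
        """Replace the <Link> identified by xml:id; only its owner may do so."""
        owner, _ = self._links[link_id]  # KeyError means unknown xml:id
        if caller != owner:
            raise Forbidden(link_id)
        link = ET.fromstring(link_xml)
        link.set(XML_ID, link_id)  # the addressed id wins over any id in the body
        self._links[link_id] = (owner, link)

    def get(self, link_id):
        return self._links[link_id][1]

# Constructed sample input, e.g.:
#   store.post("alice", '<Link xml:id="blog" rel="describedby" href="https://alice.example/blog"/>')
```

A second POST that requests an xml:id already in use gets a service-chosen id back, which is the override behaviour noted under "How to identify the link?".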
Request to support a form-encoding mode for simple addition of links
- only support for limited <Link> elements
JRD should be out of scope for now
- eventually make it an optional encoding
Define a rel type to represent a visual editor for the XRD
- defines a relationship between the user and their user management page