Difference between revisions of "XRD Provisioning"

(Undo revision 3255 by Igiwydijok (Talk))
 
Line 1: Line 1:
=[http://ojiqovam.co.cc Page Is Unavailable Due To Site Maintenance, Please Visit Reserve Copy Page]=
 
 
Tuesday – 1 - G
 
Tuesday – 1 - G
  
Line 21: Line 20:
 
* href:type:rel should be good enough but xml:id is the purist solution
 
* href:type:rel should be good enough but xml:id is the purist solution
 
* consensus to use the xml:id to identify the link rather than matching the href:type:rel tuple
 
* consensus to use the xml:id to identify the link rather than matching the href:type:rel tuple
* the POST of the <Link> can request a particular xml:id but the service can override the xml:id and return it to the caller
+
* the POST of the <Link> can request a particular xml:id but the service can override the xml:id and return it to the caller
  
 
Ownership of who is allowed to update which links
 
Ownership of who is allowed to update which links
 
* Use OAuth to protect the REST APIs
 
* Use OAuth to protect the REST APIs
* proposal to add an extension element &quot;dc:owner&quot; to the actual link element
+
* proposal to add an extension element "dc:owner" to the actual link element
  
 
Is there a need to identify what the protection mechanism is?
 
Is there a need to identify what the protection mechanism is?
Line 31: Line 30:
 
* leverage the WWW-Authenticate header to identify how the  
 
* leverage the WWW-Authenticate header to identify how the  
  
Need to make sure that an attacker CAN NOT update someone else's &lt;Link&gt;
+
Need to make sure that an attacker CAN NOT update someone else's <Link>
 
* this is a critical security requirement
 
* this is a critical security requirement
  
 
Request to support a form-encoding mode for simple addition of links
 
Request to support a form-encoding mode for simple addition of links
* only support for limited &lt;Link&gt; elements
+
* only support for limited <Link> elements
  
 
JRD should be out of scope for now
 
JRD should be out of scope for now
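Review bot: the unchanged bullet "leverage the WWW-Authenticate header to identify how the" in this hunk stops mid-sentence in both revisions, so the revert leaves that note incomplete. Suggest finishing the sentence from the session notes in a follow-up edit, since it belongs to the discussion of how a client learns which protection mechanism applies.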

Latest revision as of 14:42, 7 February 2011

Tuesday – 1 - G

Conference: IIW 10 May 17-19, 2009 (Complete Set of Notes)

Convener: Jared Hanson

Notes-taker(s): Jared Hanson

A. Tags for the session - technology discussed/ideas considered:


B. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Links: http://xrdprovisioning.net

Topics: How to identify the link?

  • use the xml:id attribute or the href:type:rel tuple
  • href:type:rel should be good enough but xml:id is the purist solution
  • consensus to use the xml:id to identify the link rather than matching the href:type:rel tuple
  • the POST of the <Link> can request a particular xml:id but the service can override the xml:id and return it to the caller

Ownership of who is allowed to update which links

  • Use OAuth to protect the REST APIs
  • proposal to add an extension element "dc:owner" to the actual link element

Is there a need to identify what the protection mechanism is?

  • maybe a separate doc to map to HTTP Basic or OAuth
  • leverage the WWW-Authenticate header to identify how the

Need to make sure that an attacker CAN NOT update someone else's <Link>

  • this is a critical security requirement
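The rules noted so far (links identified by xml:id, the service free to override a requested xml:id, and only the owner allowed to update a link) can be sketched as follows. This is an added example, not code from the session or from the XRD Provisioning draft. `LinkStore`, `post` and `put` are hypothetical names, `principal` stands for the identity the OAuth layer has already authenticated, and binding `dc` to the Dublin Core namespace and omitting the XRD namespace on the sample `<Link>` are assumptions.

```python
import uuid
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

XML_ID = "{http://www.w3.org/XML/1998/namespace}id"
DC_OWNER = "{http://purl.org/dc/elements/1.1/}owner"  # assumed binding of dc:


class Forbidden(Exception):
    """Caller is not the owner of the targeted <Link>."""


class LinkStore:
    """In-memory stand-in for the provisioning service (hypothetical)."""

    def __init__(self):
        self._links = {}  # xml:id -> (owner, Element)

    def _stamp(self, link, link_id, owner):
        # The service, not the request body, decides xml:id and dc:owner,
        # so a client-supplied dc:owner is discarded before storing.
        for stale in link.findall(DC_OWNER):
            link.remove(stale)
        link.set(XML_ID, link_id)
        ET.SubElement(link, DC_OWNER).text = owner
        self._links[link_id] = (owner, link)
        return link_id

    def post(self, principal, link_xml):
        """Add a <Link>; return the xml:id actually assigned."""
        link = ET.fromstring(link_xml)
        wanted = link.get(XML_ID)
        # Honour the requested id only if it is free; otherwise override it.
        if not wanted or wanted in self._links:
            wanted = "link-" + uuid.uuid4().hex[:8]
        return self._stamp(link, wanted, principal)

    def put(self, principal, link_id, link_xml):
        """Replace the <Link> with this xml:id, only for its owner."""
        owner, _ = self._links[link_id]  # KeyError maps to 404 in a service
        if owner != principal:
            raise Forbidden(link_id)
        return self._stamp(ET.fromstring(link_xml), link_id, owner)

    def get(self, link_id):
        return ET.tostring(self._links[link_id][1], encoding="unicode")
```

Because ownership is taken from the authenticated principal and the target is looked up by xml:id, a request that reuses another user's xml:id or href:type:rel values, or that carries a forged dc:owner, cannot overwrite that user's link.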

Request to support a form-encoding mode for simple addition of links

  • only support for limited <Link> elements

JRD should be out of scope for now

  • eventually make it an optional encoding

Define a rel type to represent a visual editor for the XRD

  • defines a relationship between the user and their user management page