XRD Provisioning

Tuesday – 1 - G

Conference: IIW 10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener: Jared Hanson

Notes-taker(s): Jared Hanson

A.	Tags for the session - technology discussed/ideas considered:

B.	Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Links: http://xrdprovisioning.net

Topics: How to identify the link?
 * use the xml:id attribute or the href:type:rel tuple
 * href:type:rel should be good enough but xml:id is the purist solution
 * consensus to use the xml:id to identify the link rather than matching the href:type:rel tuple
 * the POST of the  can request a particular xml:id but the service can override the xml:id and return it to the caller

Ownership of who is allowed to update which links
 * Use OAuth to protect the REST APIs
 * proposal to add an extension element "dc:owner" to the actual link element

Is there a need to identify what the protection mechanism is?
 * maybe a separate doc to map to HTTP Basic or OAuth
 * leverage the WWW-Authenticate header to identify how the

Need to make sure that an attacker CAN NOT update someone else's 
 * this is a critical security requirement

Request to support a form-encoding mode for simple addition of links
 * only support for limited  elements

JRD should be out of scope for now
 * eventually make it an optional encoding

Define a rel type to represent a visual editor for the XRD
 * defines a relationship between the user and their user management page