The
http://www.w3.org/TR/xmldsig-core/#sec-X509Data almost certainly
covers the use cases I can think of for OAuth & Salmon, and probably a
lot more. It does assume familiarity with a lot of external specs and
standards. If nothing else, it would be really good to see examples of
how this would work (actual XML) for various use cases. And, is the
handling simple enough to code up de novo, or are there existing
libraries for all platforms that get the underlying semantics right?

The use cases I can think of are:

1. I want to retrieve the public key (possibly self-signed) for {uri}
2. I want to see the past public keys used by {uri}, with timeframes
indicating when keys were valid.
3. I want to be able to have different public keys for different
purposes (I think this is handled with multiple link relations).
4. I want to be able to revoke keys and publish that fact. Aside:
There should be a way to talk about "public key A" vs. "public key B"
so I can broadcast things like "I just revoked my public key A".

These are approximately in priority order :)

On Nov 6, 2:54 pm, Brian Eaton <
bea...@google.com> wrote:
> On Fri, Nov 6, 2009 at 11:23 AM, Markus Sabadello
>