RE: URNsAndRegistries-50 [2]

> Noah said:
> I think this is indeed an interesting and important discussion, 
> but I think it's better aligned with the discussions we're tracking under
> the banner of issue URNsAndRegistries-50 [2].  There's also some overlap
> with schemeProtocols-49 [3], should we get back to that.

Even though this message follows others with a subject of "RE: Proposed
disposition of Stuart Williams' comments on Metadata in URI 31", I'm
switching to a different subject in an attempt to better align the
discussion.

> Marty said:
> Your example gave me a couple new thoughts that aren't yet 
> very well developed - but here goes: Some of the descriptive 
> data really consists of minter claims about the identifier, 
> as has been pointed out in previous discussions about 
> persistent identifiers. If such claims are built right into 
> the identifier, then it's obvious that the minter is making 
> such a claim. If such claims are made in XML tags like 
> <reassignable value="false">, then 
> verification/nonrepudiation of the claim would require some 
> way to bind the claim to the identifier, such as a digital 
> signature on both the identifier and the claim. I understand 
> that an incoming SAML assertion or X.509 certificate would 
> indeed be signed, but I'd have to retain the whole assertion 
> for non-repudiation. I'd probably also have to retain every 
> assertion including that identifier, because different 
> assertions might make different claims about the identifier. 
> This is lots bulkier than just building it right into the identifier. 

As I said, the thoughts weren't yet developed. Now I'd like to debunk
one of my own thoughts. I still think it's better to represent
identifier metadata right in the URI instead of in surrounding XML tags.
However, I think the idea is wrong that verification of
claims/nonrepudiation would differ depending on where the claim is made
(i.e., in the URI or in the surrounding XML). Even with the claims
directly in a URI, the URI would still have to be included in some
signed material to support nonrepudiation.

> Another thought: a SAML assertion authority, or an X.509 
> certificate authority, is probably NOT the naming authority 
> for the subjects of the assertions/certs. Wouldn't you rather 
> have claims about the identifier be made by the naming 
> authority rather than some other body?

I still think that claims about an identifier should be made by
the minter. Claims about the subject of the assertion should be made in
the assertion/cert. As a matter of fact, the identifier in an
assertion/cert is the assertion authority's or certificate authority's
claim that the identifier belongs to the subject.

Received on Saturday, 30 September 2006 15:01:39 UTC