Extensible Resource Descriptor (XRD) Version 1.0

Working Draft 02, 03 July 2009

Document identifier:
xrd-1.0-wd-02 (XML, HTML, PDF)
Locations:
Persistent version: http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html
Current version: http://docs.oasis-open.org/xri/xrd/v1.0/WD02/xrd-1.0-wd02.html
Previous version: http://docs.oasis-open.org/xri/xrd/v1.0/WD01/xrd-1.0-wd01.html
Technical committee:
OASIS eXtensible Resource Identifier (XRI) TC
Chair:
Drummond Reed, Cordance 
Editors:
Eran Hammer-Lahav, Yahoo! 
{Other} {People} 
Will Norris 
Declared XML Namespace:
  • http://docs.oasis-open.org/ns/xri/xrd-1.0

Abstract:

This document defines a simple generic format for resource description (XRD documents).

Related Work:

This specification replaces or supersedes:

  • Extensible Resource Identifier (XRI) Resolution Version 2.0, Committee Draft 03, February 2008

This specification is related to:

  • Extensible Resource Identifier (XRI) Version 3.0, Committee Draft 01, May 2009

Status:

This document was last revised or approved by the XRI Technical Committee on the above date. The level of approval is also listed above. Check the current location noted above for possible later revisions of this document. This document is updated periodically on no particular schedule.

Technical Committee members should send comments on this specification to the Technical Committee's email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee's web page at http://www.oasis-open.org/committees/xri.

For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page ( http://www.oasis-open.org/committees/xri/ipr.php).

The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/xri.

Notices:

Copyright İ OASIS Open 2005. All Rights Reserved.

All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.

OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.


Table of Contents

1. Introduction
1.1. Terminology
2. XRD Document Structure
2.1. Namespace and Schema Location
2.2. Document Property Elements
2.3. Resource Property Elements
2.4. Related Resource Elements
2.5. XRD Extensibility
3. Processing XRD Documents
3.1. Priority Attribute
3.2. Linked XRD Documents
3.3. Related Resource Selection
4. XRD Trust
4.1. XRD Trust Models
4.2. XRD Signature
5. Conformance

Appendixes

A. Acknowledgments (Non-Normative)
References

1. Introduction

{TODO (eran): write new text here which covers the use cases as well as how to find an XRD for a resource (LRDD) }

This document defines a simple generic format for resource descriptor documents (XRD documents) and a protocol for obtaining XRD documents from HTTP(S) URIs. Resource descriptor documents provide machine-readable information about resources (resource metadata) for the purpose of promoting interoperability and assist in interacting with unknown resources that support known interfaces.

For example, a web page about an upcoming meeting can provide in its descriptor document the location of the meeting organizer's free/busy information to potentially negotiate a different time. A social network profile page descriptor can identify the location of the user's address book as well as accounts on other sites. A web service implementing an API with optional components can advertise which of these are supported.

1.1. Terminology

The key words must, must not, required, shall, shall not, should, should not, recommended, may, and optional in this document are to be interpreted as described in [RFC 2119].

2. XRD Document Structure

XRD provides a simple and extensible XML format for describing resources. An XRD document describes the properties of the resource itself, as well as the relationship the resource has with other resources. XRD builds directly on the typed link relations framework [HTTP Link Header] used by HTTP, HTML, Atom, and other protocols.

The XRD schema defines only the basic elements necessary to support the most common use cases, with the explicit intention that applications will extend XRD to include any other metadata about the resources they describe.

2.1. Namespace and Schema Location

The following RELAX NG schema fragment defines the XML namespaces and other header information for the XRD schema:

default namespace = "http://docs.oasis-open.org/ns/xri/xrd-1.0"
namespace xrd = "http://docs.oasis-open.org/ns/xri/xrd-1.0"
namespace xml = "http://www.w3.org/XML/1998/namespace"
datatypes xs = "http://www.w3.org/2001/XMLSchema-datatypes"

include "http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/xmldsig-core-schema.rnc"

start = XRD

anyelementbody =
    (attribute * {text}
    | text
    | element * { anyelementbody } )*

non.xrd.element = element * - xrd:* {
    anyelementbody
}

other.attribute = attribute * - xrd:* { text }

The location of the normative RELAX NG schema file for an XRD document as defined by this specification is: http://docs.oasis-open.org/xri/xrd/v1.0/WD02/xrd-1.0-wd02.rnc

The following URI will always reference the latest versions of this file: http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.rnc

2.2. Document Property Elements

XRD defines a few elements used to describe the properties of the XRD document itself. These elements describe what the document is about and provide administrative information as to how the information should be cached. In addition, XRD defines elements used to verify the authenticity of the document for the purpose of establishing trust and authority.

2.2.1. Element <XRD>

The <XRD> element encapsulates the entire resource descriptor, and is most commonly the root element of the document. It contains the following attributes and elements:

xml:id [Optional]

This attribute, of type xs:ID, is defined by [xml:id]. It provies a unique identifier for this XRD.

<ds:Signature> [Optional]

This is an XML Signature, included from the [XML Signature] schema, that protects the integrity of the document, as described in Section 4.2, “XRD Signature”.

<Expires> [Optional]

Specifies when this document expires and should no longer be used. See Section 2.2.2, “Element <Expires>.

<Subject> [Optional]

Provides the canonical identifier for the resource described by this XRD. See Section 2.2.3, “Element <Subject>.

<Alias> [Zero or More]

Provides an additional identifier for the resoure described by this XRD. See Section 2.3.1, “Element <Alias>.

<Type> [Zero or More]

Declares a property of the resource described by this XRD. See Section 2.3.2, “Element <Type>.

<Link> [Zero or More]

Identifies another resource which is related to the resource described by this XRD, and describes the semantics of that relationship. See Section 2.4.1, “Element <Link>.

The following schema fragment defines the <XRD> element:

XRD = element XRD {
    attribute xml:id { xs:ID } ?,
    other.attribute *,
    Signature ?,
    Expires ?,
    Subject ?,
    ( Alias | Type | Link | non.xrd.elemnt ) *
}

2.2.2. Element <Expires>

This xs:dateTime value indicates the time instant after which the document is no longer valid and must not be used. The value must use the UTC "Z" time zone and must not use fractional seconds. In addition to this explicit expiration instant of the document, XRD consuming applications should comply with the caching rules of the transport protocol used to retrieve the XRD.

The following schema fragment defines the <Expires> element:

Expires = element Expires {
    other.attribute *,
    xs:dateTime
}

2.2.3. Element <Subject>

<Subject> is a xs:anyURI value which identifies a resource. This value must be an absolute URI. The resource that the <Subject> identifies is determined by the immediate parent element. If <Subject> appears as a child element of <XRD>, then it identifies the resource the XRD document is about. If <Subject> appears as a child element of a <Link>, then it identifies the linked resource.

The following schema fragment defines the <Subject> element:

Subject = element Subject {
    other.attribute *,
    xs:anyURI
}

2.3. Resource Property Elements

These elements provide information and attributes about the resource that the XRD document is describing.

2.3.1. Element <Alias>

This xs:anyURI value provides additional non-canonical identifiers for the resource described by the XRD. This value must be an absolute URI.

The following schema fragment defines the <Alias> element:

Alias = element Alias {
    other.attribute *,
    xs:anyURI
}

2.3.2. Element <Type>

The <Type> element declares a property, of type xs:anyURI, of the resource described by the XRD. The meaning of the <Type> value is application-specific, and is used by the XRD publisher to describe the resource to consuming applications familiar with the type identifier. <Type> contains the following attributes:

required [Optional]

The required attribute is of type xs:boolean, with a default value is false. If the required attribute is omitted or explicitly set to false, a consuming application should ignore any <Type> with values it does not recognize, and interact with the resource based on the values it does recognize.

However, if the required attribute is set to true, a consuming application must not interact with the resource if it does not recognize the element value. The required attribute is used to indicate to a consuming application that some pre-defined knowledge is required in order to interact with the resource, without which undefined or potentially harmful side-effects can occur. The required attribute should not be used unless such harmful side-effects are likely.

The following schema fragment defines the <Type> element:

Type = element Type {
    attribute required { xs:boolean } ?,
    other.attribute *,
    xs:anyURI
}

2.4. Related Resource Elements

One of the primary uses of XRD is to describe the relationship between different resources. These elements identify and describe the other resources which are related to the resource the XRD document is describing.

2.4.1. Element <Link>

The <Link> element serves as a container for metadata about the related resource, and carries similar semantics as the HTML Link element, the ATOM Link element, and the HTTP Link Header. The one distinction is that link relationships described by the <Link> element are between the resource described by the XRD and the linked resources, and not between the XRD itself and the linked resource. <Link> has the following elements and attributes:

priority [Optional]

The priority attribute is of type xs:nonNegativeInteger. See Section 3.1, “Priority Attribute”.

<Subject> [Optional]

This asserts the value that should be expected for the <Subject> in linked XRD. Use of this element in establishing trust can be found in Section 4, “XRD Trust”. For the syntax of this element, see Section 2.2.3, “Element <Subject>.

<Rel> [Zero or More]

Defines the semantics of the link relationship. See Section 2.4.2, “Element <Rel>.

<MediaType> [Zero or More]

Provides a hint at the media type of the linked resource. See Section 2.4.3, “Element <MediaType>.

<URI> [Zero or More]

Identifies how the linked resource can be retrieved. See Section 2.4.4, “Element <URI>.

<URITemplate> [Zero or More]

Provides a template which can be used to obtain a URI for retrieving the resource. See Section 2.4.5, “Element <URITemplate>.

<ds:KeyInfo> [Zero or More]

KeyInfo is included from the [XML Signature] schema, and provides the digital signature metadata necessary to validate interaction with the linked resource. See Section 4, “XRD Trust”.

The following schema fragment defines the <Link> element:

Link = element Link {
    attribute priority { xs:nonNegativeInteger } ?,
    other.attribute *,
    Subject ?,
    ( Rel | MediaType | URI | URITemplate | KeyInfo | non.xrd.element ) *
}

2.4.2. Element <Rel>

This xs:anyURI value defines the semantics of the relationship between the resource described by the XRD and the linked resource. <Rel> is semantically equivalent to the Link Relationship Types defined in [HTTP Link Header]. It is important to note that they do not identify any property of the linked resource. Rather, they describe only how the resource described by the XRD is related to the linked resource.

The following schema fragment defines the <Rel> element:

Rel = element Rel {
    other.attribute *,
    xs:anyURI
}

2.4.3. Element <MediaType>

This xs:string value provides a hint as to the media type of the content available at the linked resource. The value of this element must be of the form of a media type defined in [RFC 2046].

The following schema fragment defines the <MediaType> element:

MediaType = element MediaType {
    other.attribute *,
    xs:string
}

2.4.4. Element <URI>

<URI> is a xs:anyURI value that provides the URI where the linked resource can be found and used or retrieved. If no URI element is defined, it is assumed the URI can be obtained by other means not specified in this specification. <URI> has the following attributes:

priority [Optional]

The priority attribute is of type xs:nonNegativeInteger. See Section 3.1, “Priority Attribute”.

The following schema fragment defines the <URI> element:

URI = element URI {
    attribute priority { xs:nonNegativeInteger } ?,
    other.attribute *,
    xs:anyURI
}

2.4.5. Element <URITemplate>

<URITemplate> is of type xs:string. The template syntax provides a simple format for URI transformation. A template is a string containing brace-enclosed ("{}") variable names marking the parts of the string that are to be substituted by the variable values. The dictionary of allowed variable names is defined by one or more <Rel> values of the enclosing <Link>. A template is transformed into a URI by substituting the variables with their calculated value. If a variable name is prefixed by "%", any character in the variable value other than unreserved must be percent-encoded per [RFC 3986].

This specification does not define when or how template variables are interposed into link templates. Link relationship values that wish to allow templating should specify such details.

<URITemplate> has the following attributes:

priority [Optional]

The priority attribute is of type xs:nonNegativeInteger. See Section 3.1, “Priority Attribute”.

The following schema fragment defines the <URITemplate> element:

URITemplate = element URITemplate {
    attribute priority { xs:nonNegativeInteger } ?,
    other.attribute *,
    xs:string
}

2.5. XRD Extensibility

The XRD schema defines only the basic elements necessary to support the most common use cases, with the explicit intention that applications will extend XRD to include any other metadata about the resources they describe. XRD documents can be extended by providing custom, meaningful values for certain URI-based elements, as well as by extending the XML elements directly.

2.5.1. Identifier Extension

XRD uses URI-based identifiers for describing resources as well as for describing the relationships between resources. It is expected that applications will use appropriate established URI identifiers for these purposes, or define new identifiers as necessary. It is recommended that any new identifiers be defined in a formal specification of use. In no case should the meaning of a given URI used as such an identifier significantly change, or be used to mean two different things.

2.5.2. Schema Extension

The XRD schema allows for the inclusion of attributes from arbitrary namespaces (except for the XRD namespace) in all XRD elements. Additionally, the <XRD> and <Link> elements allow for the inclusion of child elements from arbitrary namepsaces (except for the XRD namespace).

XML extensions must not require new interpretation of elements defined in this document. If an extension element is present, a processor must be able to ignore it and still correctly process the XRD document.

3. Processing XRD Documents

{TODO: some general note about consuming XRDs}

3.1. Priority Attribute

XRD allows the <Link>, <URI>, and <URITemplate> elements to appear multiple times within the same parent element to provide redundancy, flexibility, or for other purposes. When these elements appear more than once within the same parent, XRD publishers should use the priority attribute to prioritize selection of these element instances.

The priority attribute type is xs:nonNegativeInteger - its value must be a non-negative integer value. The attribute works in a similar manner to DNS records priority, where the lowest value has the highest priority. This means zero has the highest priority and infinity - represented by the absence of the priority attribute - carries the lowest priority. Instead of omitting the attribute, however, it is recommended to follow the standard practice in DNS and set the priority value to 10. When a publisher wishes to indicate a very low priority, it is recommended to use a large finite value (100 or higher) rather than omitting the attribute.

Consuming applications should select the element with the highest priority - the lowest numeric value of the priority attribute. In the following example, the URIs decreasing order of priority is 0, 10, 11, 25, and last the element with the omitted priority attribute.

<Link>
    <URI priority="10">http://example.com/second</URI>
    <URI priority="25">http://example.com/fourth</URI>
    <URI priority="11">http://example.com/third</URI>
    <URI priority="0">http://example.com/highest</URI>
    <URI>http://example.com/lowest</URI>
</Link>

If two or more instances of the same element type have identical priority attribute values (including infinity), the consuming application should select one of the instances at random. The application should not choose the first instance that appears in XML document order. This is needed to support the publisher's redundancy or load balancing intentions.

The element selected according to these rules is referred to as the highest priority element. If this element is subsequently disqualified from the set of qualified elements, the consuming application should attempt to select the next highest priority element. This process should be continued for all other instances of the qualified elements until success is achieved or all instances are exhausted.

3.1.1. Priority of <URI> and <URITemplate> elements

The URI for a related resource can be expressed using two different elements, <URI> and <URITemplate>, which differ only in the fact that templates require addtional processing in order to obtain the final URI. Therefore, elements of both types should be combined and sorted together in order to obtain the URI of highest priority. In the following example, the highest priority URI would be the resultant URI from processing the template "{uri};service".

<Link>
    <URI priority="20">http://example.com/</URI>
    <URITemplate priority="10">{uri};service</URI>
</Link>

3.2. Linked XRD Documents

The XRD document for a resource may assert that a different XRD document may be used as an equally valid descriptor for the same described resource. This allows for distributed management of descriptor documents, both within and across authorities. A linked XRD is identified by a <Link> containing a <Rel> value of http://www.iana.org/assignments/relation/describedby, and a <MediaType> value of application/xrd+xml, as demonstrated in the following example.

<Link>
    <Rel>http://www.iana.org/assignments/relation/describedby</Rel>
    <MediaType>application/xrd+xml</MediaType>
    <URI>http://example.net/xrd.xml</URI>
</Link>

3.3. Related Resource Selection

Based on the consuming application's needs, the application defines a selection criteria based on the presence (or lack of) certain resource relationship values and media-types. The selection criteria can be any combination of metadata describing the linked resources such as <Rel>, <MediaType>, <URI>, or non-XRD extension elements. For example, an application can look for all related resources with an image media-type, the URI of a related resource with a SAML authentication relationship, or the properties of a specific related resource given its URI.

If the selection criteria place higher preference on the presence of certain relationships or media-types over others, it is handled by performing multiple selections. Each selection is assigned preference order based on the consuming application's needs and the selection results are compared to determine the most desired set. For example, if an application is looking for all image resources, giving higher preference to the JPEG formats over PNG, it will perform two selection processes, one for each media-type, and assign the resources in the JPEG set a higher preference value.

The consuming application performs the following steps in order to select the desired related resource descriptions:

  • The consuming application must first use the priority attribute values to put the <Link> elements in priority order as defined in Section 3.1, “Priority Attribute”.

  • The priority sorted <Link> elements are each then processed by comparing the metadata for the linked resource against the values defined by the selection criteria.

  • If a linked resource does not meet the selection criteria, but is identified as a linked XRD as defined in Section 3.2, “Linked XRD Documents”, the consuming application should suspend processing of the current XRD document and process the linked XRD. After processing the linked XRD, the consuming application should then resume processing the current XRD. A consuming application may choose to limit the depth to which it will follow linked XRD documents for performance or other reasons.

  • Within the priority sorted list of matching <Link> elements, if more than one <URI> or <URITemplate> elements are present, the consuming application should use the priority attribute values to find the highest priority element as defined in Section 3.1.1, “Priority of <URI> and <URITemplate> elements”.

4. XRD Trust

XRD documents digitally signed by the publishing authority supports document integrity and authentication of the publishing authority to an XRD consuming application. {TODO: finish this}

4.1. XRD Trust Models

{TODO: do we need to talk about different trust models for XRD? PKI-based vs XRD-chaining with embedded certs?}

4.2. XRD Signature

The [XML Signature] specification calls out a general XML syntax for signing data with flexibility and many choices. This section details constraints on these facilities so that XRD consuming applications do not have to deal with the full generality of XML Signature processing.

4.2.1. Signing Formats and Algorithms

XML Signature has three ways of relating a signature to a document: enveloping, enveloped, and detached. XRD documents must use enveloped signatures when signing. XRD consuming applications should support the use of RSA signing and verification for public key operations in accordance with the algorithm identified by http://www.w3.org/2000/09/xmldsig#rsa-sha256.

4.2.2. References

XRD documents must supply a value for the xml:id attribute on the root element of the XRD being signed. The XRD's root element may or may not be the root element of the actual XML document containing the signed XRD (e.g., it might be contained within an <XRDS> sequence element).

Signatures must contain a single <ds:Reference> containing a same-document reference to the xml:id attribute value of the root element of the XRD being signed. For example, if the xml:id attribute value is foo, then the URI attribute in the <ds:Reference> element must be #foo.

4.2.3. Canonicalization

XRD implementations should use [Exclusive Canonicalization], with or without comments, both in the <ds:CanonicalizationMethod> element of <ds:SignedInfo>, and as a <ds:Transform> algorithm. Use of Exclusive Canonicalization ensures that signatures created over XRD documents embedded in an XML context can be verified independent of that context.

4.2.4. Transforms

Signatures in XRD documents should not contain transforms other than the enveloped signature transform (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature) or the exclusive canonicalization transforms (with the identifier http://www.w3.org/2001/10/xml-exc-c14n# or http://www.w3.org/2001/10/xml-exc-c14n#WithComments).

Verifiers of signatures may reject signatures that contain other transform algorithms as invalid. If they do not, verifiers must ensure that no content of the XRD is excluded from the signature. This can be accomplished by establishing out-of-band agreement as to what transforms are acceptable, or by applying the transforms manually to the content and reverifying the result as consisting of the same XRD.

4.2.5. KeyInfo

XML Signature defines usage of the <ds:KeyInfo> element. XRD does not require the use of <ds:KeyInfo>, nor does it impose any restrictions on its use. Therefore, <ds:KeyInfo> may be absent.

4.2.6. Example

Following is an example of a signed XRD document. Line breaks have been added for readability; the signatures are not valid and cannot be successfully verified.

<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0" xml:id="foo" 
    expires="1970-01-01T00:00:00Z">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
        <ds:SignedInfo> 
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
            <ds:Reference URI="#foo">
                <ds:Transforms> 
                    <ds:Transform 
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
                        <InclusiveNamespaces PrefixList="#default xrd ds xs xsi" 
                            xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
                    </ds:Transform> 
                </ds:Transforms> 
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
                <ds:DigestValue>TCDVSuG6grhyHbzhQFWFzGrxIPE=</ds:DigestValue>
            </ds:Reference> 
        </ds:SignedInfo>
        <ds:SignatureValue> 
            x/GyPbzmFEe85pGD3c1aXG4Vspb9V9jGCjwcRCKrtwPS6vdVNCcY5rHaFPYWkf+5 
            EIYcPzx+pX1h43SmwviCqXRjRtMANWbHLhWAptaK1ywS7gFgsD01qjyen3CP+m3D 
            w6vKhaqledl0BYyrIzb4KkHO4ahNyBVXbJwqv5pUaE4= 
        </ds:SignatureValue> 
        <ds:KeyInfo> 
            <ds:X509Data> 
                <ds:X509Certificate> 
                    MIICyjCCAjOgAwIBAgICAnUwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT 
                    MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT 
                    F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ 
                    bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0Eg 
                    LS0gMjAwMjA3MDFBMB4XDTAyMDcyNjA3Mjc1MVoXDTA2MDkwNDA3Mjc1MVowgYsx
                    CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNaWNoaWdhbjESMBAGA1UEBxMJQW5uIEFy
                    Ym9yMQ4wDAYDVQQKEwVVQ0FJRDEcMBoGA1UEAxMTc2hpYjEuaW50ZXJuZXQyLmVk 
                    dTEnMCUGCSqGSIb3DQEJARYYcm9vdEBzaGliMS5pbnRlcm5ldDIuZWR1MIGfMA0G 
                    CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZSAb2sxvhAXnXVIVTx8vuRay+x50z7GJj 
                    IHRYQgIv6IqaGG04eTcyVMhoekE0b45QgvBIaOAPSZBl13R6+KYiE7x4XAWIrCP+ 
                    c2MZVeXeTgV3Yz+USLg2Y1on+Jh4HxwkPFmZBctyXiUr6DxF8rvoP9W7O27rhRjE 
                    pmqOIfGTWQIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIFoDANBgkq 
                    hkiG9w0BAQQFAAOBgQBfDqEW+OI3jqBQHIBzhujN/PizdN7s/z4D5d3pptWDJf2n 
                    qgi7lFV6MDkhmTvTqBtjmNk3No7v/dnP6Hr7wHxvCCRwubnmIfZ6QZAv2FU78pLX 
                    8I3bsbmRAUg4UP9hH6ABVq4KQKMknxu1xQxLhpR1ylGPdiowMNTrEG8cCx3w/w== 
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <Subject>http://example.com/gpburdell</Subject>
    <Link>
        <Rel>http://spec.example.net/auth/1.0</Rel>
        <URI>http://services.example.com/auth</URI>
    </Link>
</XRD>

5. Conformance

{TODO}

A. Acknowledgments (Non-Normative)

The following individuals have participated in the creation of this specification and are gratefully acknowledged (note that the itemized list uses spacing="compact" to remove the space between list items in the printed result):

  • Mary Baker

  • Jane Doe, Example Corporation

  • John Able, Other Example Corporation

References

[RFC 2046] N. Freed, N. Borenstein Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types. IETF (Internet Engineering Task Force). 1996.

[RFC 2119] S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. IETF (Internet Engineering Task Force). 1997.

[RFC 2606] E. Eastlake, A. Panitz Reserved Top Level DNS Names. IETF (Internet Engineering Task Force). 1999.

[RFC 2616] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee Hypertext Transfer Protocol -- HTTP/1.1. IETF (Internet Engineering Task Force). 1999.

[RFC 3986] T. Berners-Lee, R. Fielding, L. Masinter Uniform Resource Identifiers (URI): Generic Syntax. IETF (Internet Engineering Task Force). 2005.

[RFC 4287] M. Nottingham The Atom Syndication Format. IETF (Internet Engineering Task Force). 2005.

[HTML 4.01] D. Raggett HTML 4.01 Specification. W3 Recommendation. 1999

[HTTP Link Header] M. Nottingham Link Relations and HTTP Header Linking. IETF (Internet Engineering Task Force) Draft. 2009.

[Site Meta] M. Nottingham, E. Hammer-Lahav Host Metadata for the Web. IETF (Internet Engineering Task Force) Draft. 2009.

[XRI Resolution 2.0] G. Wachob Extensible Resource Identifier (XRI) Resolution V2.0. February 2008.

[LRDD] E. Hammer-Lahav Link-based Resource Descriptor Discovery. IETF (Internet Engineering Task Force) Draft. 2009.

[xml:id] J. Marsh, et al xml:id. W3 Recommendation. 2005

[XML Signature] D. Eastlake, et al XML Signature Syntax and Processing. W3 Recommendation. 2008

[Exclusive Canonicalization] J. Boyer, et al Exclusive XML Canonicalization. W3 Recommendation. 2002