authorization

So there has been this whole fullry of activity on the list about pull vs. push. Guess what – XDI can do both. …oooo… I found this quote while pulling apart ancient identity commons presentations for the 2.0 version that I am presenting next week at the W3C workshop.

Today on the internet html links are essentially one-way “strings” that connect the two documents, allowing the linked document to be “pulled” down into a browser.
Links using XDI change this one way static dynamic by creating a two-way “data-pipe” through which data can actively flow in either direction (“push” or “pull”). This flow can be controlled automatically by “valves” on either end called XDI link contracts.
Like real-world contracts, link contracts are flexible enough to address virtually any aspect of data authority and control. They can govern:
Authority: Who controls the data being shared via the contract?
Authentication: How will each party prove its identity to the other?
Authorization: Who has what access rights and privileges to the data?
Privacy and usage control: What uses can be made of the data and by whom?
Synchronization: How and when will the subscriber receive updates to the data?
Termination: What happens when the data sharing relationship is ended?
Recourse: How will any disputes over the data sharing agreement be resolved?