GssPolicies/PublicAuthorityPolicies

Public Authority Policies

Introduction
Public Authority Resolution Policy
Public Proxy Resolver Resolution Policy
Denial Of Service Policy

1. Introduction

Public Authority Service responds to XRI resolution requests for all GRS-registered XRIs. In the V1 GRS, it will answer two types of XRI resolution requests:

Standard XRI resolution requests are HTTP or HTTPS GET requests for an XRI Descriptor (XRID) – an XML document that contains XRI resolution data and metadata as defined in the XRI Specifications.
Proxy resolver requests are HTTP GET requests to resolve the XRI authority portion of the requested XRI. They return an HTTP redirect to the Network Authority for the target Resource.

XDI.ORG plans for a future version of the GSS to implement support for a third type, trusted resolution requests, as described in the XRI Specifications.

The following policies govern the operation of Public Authority Service in the V1 GSS.

2. Public Authority Resolution Policy

The Primary GRSP MUST maintain a Public Authority Service at one or more HTTP and HTTPS URIs specified in the GssOpSpecs. A client of the Public Authority service MUST include an HTTP Accept header with a value of application/xrid+xml in an XRI resolution request as specified in the XRI specifications.

The Public Authority Service MUST return an XRID that conforms to the XRI Specifications. In addition:

The value of the AuthorityID element MUST be the value specified in the GssOpSpecs for each Global Registry Service.
The value of the Expires element MUST be a global variable under the control of the Primary GRSP. The value MAY be different for Global I-Name and Global I-Number resolution requests. The GRSP SHOULD set the value to provide an optimum balance between cache duration and update propagation.
The contents of the other XRID elements MUST conform to the Global I-Name Resolution Policy (GssPolicies/InamePolicies) and Global I-Number Resolution Policy (GssPolicies/InumberPolicies).

3. Public Proxy Resolver Resolution Policy

The Primary GRSP MUST maintain an Public Proxy Resolver Service at one or more HTTP and HTTPS URIs specified in the GssOpSpecs. A client of the Public Authority service MUST make an HTTP or HTTPS request for proxied XRI resolution that conforms to the XRI Specifications, or the Public Proxy Resolver Service MUST return an HTTP 400 (Bad Request) error code in response.

If the request include an HTTP Accept header with a value of application/xrid+xml, the Public Proxy Resolver Service MUST attempt to complete proxied resolution of the requested XRI and MUST return an XRI Descriptors document (including any HTTP errors encountered) as specified in the XRI Specifications.

If the request does not include an HTTP Accept header with a value of application/xrid+xml and no XRI resolution error is encountered during proxy resolution, the Public Proxy Resolver Service MUST return an HTTP redirect to the first HTTP Local Access URI in the XRID of the target XRI Authority. This HTTP redirect MUST include the Local Path of the XRI in the original request, if any. If an error is encountered during proxy resolution, the Public Proxy Resolver Service MUST return an HTTP 502 (Bad Gateway) error code in response.

4. Denial Of Service Policy

A GRSP MAY implement security safeguards for the Public Authority Service intended to maintain optimal service and prevent or minimize denial-of-service or other network attacks. These safeguards MAY block IP addresses and otherwise prevent access by network endpoints or software that the GRSP has reasonable cause to believe are interfering with public access, availability, security, or privacy of the service.