[OpenID] OpenID as a PKI facilitator
Nic James Ferrier
nferrier at tapsellferrier.co.uk
Fri Apr 6 18:32:23 UTC 2007
Anders Feder <lists.anders at feder.dk> writes:
> 1. As OpenID is adopted across the Web, most users are likely to acquire
> an OpenID identifier. If every OP in addition helps the user generate a
> PKI keypair, the issue of public key proliferation is solved.
> 2. OpenID identifiers are URLs, which, by definition, happen to
> identify a resource for which retrieval is well-defined. OpenID, on the
> other hand, defines how such a resource is unambiguously associated with
> a user. If the user's public key is stored together with the OpenID
> resource, the issue of public key retrieval is solved.
>
> In other words, OpenID could be the final building block in the
> establishment of a global PKI. A global PKI, in turn, would have a
> far-reaching impact on IT in general and information security in
> particular. Exploiting this potential would require a standard protocol
> for public key retrieval upon an OpenID identifier.
>
> * Is there any interest in the community to establish such a standard?
> * Has any work already been done to this end?
> * Or have there been other efforts to couple OpenID and PKI?
> * Other thoughts?

There are already providers:

http://prooveme.com is my own, based on issuing certs.

http://certifi.ca is another one, based on existing cert providers.

I (and my colleagues) have a bunch of things we'd like to spec out but
we're a bit busy dealing with the IE issues (and all the other things
we do /8-)

I certainly think specs in this regard would be well worth
pursuing. They could add a level of confidence that is not already
present.

--
Nic Ferrier
http://www.tapsellferrier.co.uk