[OpenID] OpenID + Certs

thayes0993 at aol.com thayes0993 at aol.com
Mon Apr 23 17:43:48 UTC 2007


 In order to get the result that you want, the OpenID of the user will have to be included in the certificate. Is this typical among the OPs that are using certificates?

The RP would have to check that the OpenID asserted by the OP is also bound by the certificate to the organization.? Note that the OpenID referred to here is the one claimed by the user, not the delegated id that the OpenID provider actually deals with.

Use of the certificate in this way is more like attribute certificates than it is a regular public-key binding.

Terry


 


 

-----Original Message-----
From: Pat Cappelaere <pat at cappelaere.com>
To: general at openid.net
Sent: Mon, 23 Apr 2007 10:14 am
Subject: [OpenID] OpenID + Certs

 
 
We are starting to see more sites that serve OpenIDS and use certificates
for client-side SSL.
This is good news.  What would even be better would be to make the user cert
available in the sreg optional attributes for more stringent consumers.
This would allow me to validate a user's belonging to a specific
organization for instance if he agrees of course.  This would allow certain
sites to release more sensitive information for Humanitarian Assistance
and/or Disaster Relief in my case.
Could this be added easily?
Does this make sense?
Wdyt?

Pat.
eo1.geobliki.com

 
  
 
_______________________________________________
general mailing list
general at openid.net http://openid.net/mailman/listinfo/general 
 
  
________________________________________________________________________
AOL now offers free email to everyone.  Find out more about what's free from AOL at AOL.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070423/a41455bc/attachment-0002.htm>


More information about the general mailing list