[OpenID] OpenID + Certs

Pat Cappelaere pat at cappelaere.com
Tue Apr 24 00:19:24 UTC 2007


Let me try to re-articulate my use-case better.

Let's imagine a site that has a lot of sensitive data that is not generally
released to the general public.  However, in case of national emergency,
this fictitious organization would be willing to exchange its data with
selected members of other trusted organizations for emergency response
(Red Cross, Police, Fire Fighters...)

OpenID seems to be a nice way to define a web persona but also a corporate
persona.  Some OpenID providers are starting to use certs
(https://certifi.ca, https://prooveme.com/...)

So I was thinking about getting access to that validated cert as part of the
profile exchange attributes.  If the cert is external, it is unlikely that
the user has tampered with the information and I could easily validate the
user's organization, email...
Currently, users have editing control over the attributes which is not good
in my case (but fine in all others).
Allowing the cert to be handed over as an optional attribute seems to be a
good trade to me.

What do you guys think?  I would love to see certifi.ca offering this
capability (or anybody else for that matter like Verisign)

Thanks,
Pat.

> From: Pat Cappelaere <pat at cappelaere.com>
> Date: Mon, 23 Apr 2007 13:14:24 -0400
> To: <general at openid.net>
> Conversation: OpenID + Certs
> Subject: [OpenID] OpenID + Certs
> 
> We are starting to see more sites that serve OpenIDs and use certificates
> for client-side SSL.
> This is good news.  What would even be better would be to make the user cert
> available in the sreg optional attributes for more stringent consumers.
> This would allow me to validate a user's belonging to a specific
> organization for instance if he agrees of course.  This would allow certain
> sites to release more sensitive information for Humanitarian Assistance
> and/or Disaster Relief in my case.
> Could this be added easily?
> Does this make sense?
> Wdyt?
> 
> Pat.
> eo1.geobliki.com