[OpenID] OpenID + Certs

Pat Cappelaere pat at cappelaere.com
Tue Apr 24 11:52:07 UTC 2007


David,

This is pretty much what I need today.  Could you implement that on your
OpenID server at Verisign, please? :)
Since it is optional, it would not break anything.
Since Verisign is pretty big in Certificate Management, it might even make
sense.
Thanks,
Pat.


> From: "Recordon, David" <drecordon at verisign.com>
> Date: Tue, 24 Apr 2007 02:30:43 -0700
> To: Pat Cappelaere <pat at cappelaere.com>, <general at openid.net>
> Conversation: [OpenID] OpenID + Certs
> Subject: RE: [OpenID] OpenID + Certs
> 
> I'd see this as something you could define within Attribute Exchange.
> An attribute type for a cert...though I think certs would be one of a
> few ways to exchange verified information.
> 
> --David
> 
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Pat Cappelaere
> Sent: Monday, April 23, 2007 5:19 PM
> To: Pat Cappelaere; general at openid.net
> Subject: Re: [OpenID] OpenID + Certs
> 
> Let me try to re-articulate my use-case better.
> 
> Let's imagine a site that has a lot of sensitive data that is not
> generally released to the general public.  However, in case of national
> emergency, this fictitious organization would be willing to exchange its
> data with selected members of other trusted organizations for emergency
> response (RedCross, Police, Fire Fighters...)
> 
> OpenID seems to be a nice way to define a web persona but also a
> corporate persona.  Some OpenID providers are starting to use certs
> (https://certifi.ca, https://prooveme.com/...)
> 
> So I was thinking about getting access to that validated cert as part of
> the profile exchange attributes.  If the cert is external, it is
> unlikely that the user has tampered with the information and I could
> easily validate the user organization, email...
> Currently, users have editing control over the attributes which is not
> good in my case (but fine in all others).
> Allowing the cert to be handed over as an optional attribute seems to be
> a good trade to me.
> 
> What do you guys think?  I would love to see certifi.ca offering this
> capability (or anybody else for that matter like Verisign)
> 
> Thanks,
> Pat.
> 
>> From: Pat Cappelaere <pat at cappelaere.com>
>> Date: Mon, 23 Apr 2007 13:14:24 -0400
>> To: <general at openid.net>
>> Conversation: OpenID + Certs
>> Subject: [OpenID] OpenID + Certs
>> 
>> We are starting to see more sites that serve OpenIDs and use
>> certificates for client-side SSL.
>> This is good news.  What would even be better would be to make the
>> user cert available in the sreg optional attributes for more stringent
>> consumers.
>> This would allow me to validate a user's belonging to a specific
>> organization for instance if he agrees of course.  This would allow
>> certain sites to release more sensitive information for Humanitarian
>> Assistance and/or Disaster Relief in my case.
>> Could this be added easily?
>> Does this make sense?
>> Wdyt?
>> 
>> Pat.
>> eo1.geobliki.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3277 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070424/ce4a17eb/attachment-0002.bin>
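The consumer-side check this thread asks for, as an added example that is not code from any poster or OpenID provider: before trusting the organization named in a certificate received as an attribute, the consumer verifies the certificate against its own trust roots. It assumes the certificate arrives as a PEM string (the thread defines no attribute type or encoding); the function names, the CA and the organization names are constructed for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate (also as PEM); a nil parent gives a self-signed CA.
func issue(org string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, string) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{Organization: []string{org}},
		IsCA: parent == nil, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

// OrgFromCertAttribute returns the subject organization(s) only if the certificate chains to roots.
func OrgFromCertAttribute(value string, roots *x509.CertPool) ([]string, error) {
	block, _ := pem.Decode([]byte(value))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("attribute is not a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err == nil { // chain and validity period must check out before any field is read
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	}
	if err != nil {
		return nil, fmt.Errorf("certificate rejected: %w", err)
	}
	return cert.Subject.Organization, nil
}

func main() {
	ca, caKey, _ := issue("Example Relief CA", nil, nil) // all names are constructed
	_, _, member := issue("Example Red Cross", ca, caKey)
	_, _, forged := issue("Example Red Cross", nil, nil) // self-signed, claims the same organization
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(OrgFromCertAttribute(member, roots)) // accepted
	fmt.Println(OrgFromCertAttribute(forged, roots)) // rejected: unknown authority
}
```

A certificate is public data, so this check establishes only that a trusted CA issued it; tying it to the person logging in still rests on the provider having authenticated the user with that certificate, as with the client-side SSL mentioned in the thread.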