[OpenID] OpenID + Certs

Pat Cappelaere pat at cappelaere.com
Tue Apr 24 20:14:20 UTC 2007


Hans,

Not as a distribution mechanism per say, but as a way to get access to
validated information about a user.  Corporate personna would be
encapsulated in the PKI that would not be tampered with by the user (like
any of the other profile attributes which can be altered at will).
That cert would only be one extra attribute in the profile.
The user could upload new ones if necessary.  I will keep on checking at
every login.
Otherwise, I can't really tell for sure what the user organization is and
what email is valid.

Does this make more sense?
Thanks,
Pat.



> From: Hans Granqvist <hgranqvist at verisign.com>
> Date: Tue, 24 Apr 2007 09:07:06 -0700
> To: Pat Cappelaere <pat at cappelaere.com>
> Cc: "Recordon, David" <drecordon at verisign.com>, <general at openid.net>
> Subject: Re: [OpenID] OpenID + Certs
> 
> Pat Cappelaere wrote:
>> David,
>> 
>> This is pretty much what I need today.  Could you implement that on your
>> OpenID server at Verisign, please? :)
>> Since it is optional, it would not break anything.
>> Since Verisign is pretty big in Certificate Management, it might even make
>> sense.
>> Thanks,
>> Pat.
> 
> Pat, I'm confused: Do you want to use OpenID attribute exchange as a PKI
> distribution mechanism?
> 
> -Hans





More information about the general mailing list