[OpenID] OpenID + Certs

Pat Cappelaere pat at cappelaere.com
Wed Apr 25 00:36:51 UTC 2007


Dick,

I am using the term cert as in X.509 certificates being used by major
corporations and DoD to identify their users.
These certs contain validated user profile information that ought to be
available in an OpenID user profile as an optional attribute at a minimum.
How many of them are already out there? Many millions.
This ought to be leveraged somehow.

Pat.



> From: Dick Hardt <dick at sxip.com>
> Date: Wed, 25 Apr 2007 00:36:52 +0200
> To: Pat Cappelaere <pat at cappelaere.com>
> Cc: Hans Granqvist <hgranqvist at verisign.com>, <general at openid.net>
> Subject: Re: [OpenID] OpenID + Certs
> 
> Pat
> 
> I think you are confusing people using the term Certificate here.
> While a certificate can contain any data, I think of the certs
> primarily as being a statement binding an entity to a public key.
> 
> I think you are talking about verified claims, and this is definitely
> something that Attribute Exchange is all about.
> 
> We have some demo code where you can get a claim binding your OpenID
> to an email address at:
> 
> https://verify.sxip.com/email/.
> 
> The only OP I know of that talks AX at this point is Sxipper.
> 
> -- Dick
> 
> On 24-Apr-07, at 10:14 PM, Pat Cappelaere wrote:
> 
>> Hans,
>> 
>> Not as a distribution mechanism per se, but as a way to get access to
>> validated information about a user.  Corporate persona would be
>> encapsulated in the PKI that would not be tampered with by the user
>> (like any of the other profile attributes which can be altered at will).
>> That cert would only be one extra attribute in the profile.
>> The user could upload new ones if necessary.  I will keep on
>> checking at every login.
>> Otherwise, I can't really tell for sure what the user organization
>> is and what email is valid.
>> 
>> Does this make more sense?
>> Thanks,
>> Pat.
>> 
>> 
>> 
>>> From: Hans Granqvist <hgranqvist at verisign.com>
>>> Date: Tue, 24 Apr 2007 09:07:06 -0700
>>> To: Pat Cappelaere <pat at cappelaere.com>
>>> Cc: "Recordon, David" <drecordon at verisign.com>, <general at openid.net>
>>> Subject: Re: [OpenID] OpenID + Certs
>>> 
>>> Pat Cappelaere wrote:
>>>> David,
>>>> 
>>>> This is pretty much what I need today.  Could you implement that
>>>> on your OpenID server at Verisign, please? :)
>>>> Since it is optional, it would not break anything.
>>>> Since Verisign is pretty big in Certificate Management, it might
>>>> even make sense.
>>>> Thanks,
>>>> Pat.
>>> 
>>> Pat, I'm confused: Do you want to use OpenID attribute exchange as
>>> a PKI distribution mechanism?
>>> 
>>> -Hans
>> 
>> 
> 




