[OpenID] OWL project for OpenID WhiteListing
Meng Weng Wong
mengwong at pobox.com
Thu Jul 5 19:07:08 UTC 2007
On Jul 5, 2007, at 11:18 AM, Evan Prodromou wrote:
> On Thu, 2007-05-07 at 14:12 +0300, Martin Paljak wrote:
>
>> You can't enforce the way applications are built or organizations
>> work. You can't dictate the way OpenID is used. RP decides what is
>> good, why is good and how is good enough for it to operate and
>> there's nothing others can do.
>
I agree. The above argument is successfully used in the email world
of antispam DNSBLs.
> I've found that one of the great entry points for OpenID is two-way or
> multi-way closed trust systems. The big use case for many
> administrators
> seems to be letting users from another "partner" site log into
> their own
> site, and vice versa. Only after this relationship is established do
> some admins enable more open trust relationships.
>
I am working on web-of-trust whitelisting, and will keep this in mind
as a common starting point.
So far I have the following proposal. Please accept my apologies for
any terminology inconsistencies with existing work. I am still
getting up to speed and have not read all the specs yet.
OpenID WhiteListing (OWL) Project
(The world is not black and white, so I may add more nuance to the
concept of a whitelist; perhaps it should be more value-neutrally
called a "claimlist".)
This project, as a v0.1 straw man prototype, produces three whitelists.
Please consider these whitelists to be Platonic forms which may see
one or more embodiments, provided by different operators, and used by
different people in different ways.
OWL-OP
A whitelist of OpenID Providers.
A Relying Party may choose to distinguish EUs associated with a
listed OP.
OWL-RLY
A whitelist of OpenId Relying Parties.
At present, the login process involves two speedbumps.
Speedbump 1: "Oops, you're not logged in to your OP. Please login now."
Speedbump 2: "Now that you're logged in to the OP, do you want to
trust this RP?"
Speedbump 1 is addressed by extending OP session longevity as much as
possible.
Speedbump 2 may be addressed by OWL-RLY.
If an RP is on the list, an OpenID Provider may choose to bypass it
and just proceed with a "yes" assumption.
I hereby name the bypass operation "YARLY".
An OpenID Provider can offer its End-Users a menu of which whitelists
to trust, with defaults preset in the spirit of libertarian
paternalism. Tinfoilhat types can uncheck all. Our grandmothers can
check all. Tinfoilhat grandmothers are considered an edge case.
For people with no sense of humour, OWL-RLY is aliased identically to
OWL-RP.
OWL-EU
A whitelist of OpenID End-Users.
RPs can use this whitelist where increased granularity is needed.
The analogous case is when both legitimate and phishing websites are
hosted on Geocities.
The corresponding OBL-EU may be used as a signaling mechanism to
inform OPs that their EUs have been naughty.
Implications for User Experience and Phishing
If the ORLY / YARLY paradigm gains adoption, and if end-users stay
logged in to their OPs >98% of the time, then the typical use case
will bypass both the login speedbump and the "allow?" speedbump. We
may then observe a reduction in phishing scenarios, as end-users will
be alerted by the very unexpectedness of the login speedbump.
I make the assumption that to combat phishing it is important to
marginalize the appearance of any speedbump at all. If users become
accustomed to clicking through Speedbump 2, I assert that they will
be less alert when presented with a phish of Speedbump 1.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070705/d0e41dab/attachment-0002.htm>
More information about the general
mailing list