[OpenID] Initial thoughts on OpenID

John Wang jwanggroups at gmail.com
Wed Jul 11 04:29:31 UTC 2007


On 7/9/07, John Panzer <jpanzeracm at johnpanzer.com> wrote:
>
> John Wang wrote:
> > Recently I started considering OpenID authentication for a project. I
> > watched two screencasts and spoke to a few people to get a general feel
> > for the project and then jotted down my thoughts here:
> >
> > http://www.dev411.com/blog/2007/07/07/initial-thoughts-on-openid
> >
> > Some of the thoughts are similar to some posts on this list. Please let
> > me know where/if I'm wrong. I considered inlining the text but it's kind
> > of long.
>
> I saw your blog post earlier today and thought it was interesting.  One
> thing jumped out at me:  There's a useful distinction between an OP
> which connects an identity to a real world person (as banks do), and an
> OP which does not but does provide reasonably strong authentication of
> 'online-only' identities.  So I'd like to have a 'tier 1.5', where I
> want e.g. SSL/TLS but I don't need a full 'tier 1' OP assurance. I think
> this is common.


I agree this is a useful distinction. Thanks for mentioning it.

> I'd also note that an RP may have different assurance needs depending on
> what it's planning to do.  So rather than categorizing RPs, I'd
> categorize RP operations.  An RP should accept the minimal assurance
> necessary for its least secure operation (IMHO) and require upgrading as
> necessary if a user attempts more secure operations.


This sounds good for the specs but I didn't include it because it adds
complexity for the article and I'm not sure how "theoretical" this is
because I'm not sure how many organizations use this. I remember this coming
up when authorization products were starting to get popular but didn't get
the feeling that many organizations actually do this. Is this used at any
popular sites?

-- 
John Wang
http://www.dev411.com/blog/
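The per-operation, step-up assurance policy Panzer describes, as an added Python sketch that is not from the thread or any OpenID library: it maps properties of the asserting OP to an assurance level, then checks each RP operation against its own minimum and asks for a step-up instead of refusing outright. The tier names, the policy table and the classification rules are assumptions for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Tuple

# Assurance levels; higher value = stronger. The thread numbers tiers with
# 1 as strongest, so the mapping to this ordering is noted per member.
class Assurance(IntEnum):
    ANONYMOUS = 0      # no OpenID assertion at all
    BASIC = 1          # plain assertion, no TLS/strong-auth guarantee ("tier 2")
    STRONG_ONLINE = 2  # "tier 1.5": strong auth of an online-only identity over TLS
    REAL_WORLD = 3     # "tier 1": OP binds the identity to a real person (e.g. a bank)

# Hypothetical policy for one RP: minimal assurance required per operation.
OPERATION_POLICY = {
    "view_public_profile": Assurance.ANONYMOUS,
    "post_comment": Assurance.BASIC,
    "change_email": Assurance.STRONG_ONLINE,
    "transfer_funds": Assurance.REAL_WORLD,
}

def classify_assertion(op_tls: bool, op_strong_auth: bool, op_real_world: bool) -> Assurance:
    """Assumed rule: a real-world binding only counts when the OP also
    authenticates strongly over TLS; otherwise fall back to a weaker level."""
    if op_real_world and op_tls and op_strong_auth:
        return Assurance.REAL_WORLD
    if op_tls and op_strong_auth:
        return Assurance.STRONG_ONLINE
    return Assurance.BASIC

@dataclass
class Session:
    identity: str          # the OpenID identifier asserted to the RP
    assurance: Assurance   # level derived from the OP that asserted it

def authorize(session: Session, operation: str) -> Tuple[str, Assurance]:
    """Return ("allow", current level), ("step_up", level needed) or
    ("deny", strongest level) for unknown operations (fail closed)."""
    if operation not in OPERATION_POLICY:
        return ("deny", Assurance.REAL_WORLD)
    required = OPERATION_POLICY[operation]
    if session.assurance >= required:
        return ("allow", session.assurance)
    # Insufficient: tell the caller which level a re-authentication must reach,
    # so the RP can send the user back to a stronger OP rather than just refusing.
    return ("step_up", required)
```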