[OpenID] Trust + Security @ OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sun Jul 15 20:37:49 UTC 2007
Howdy,
Peter Williams wrote:
> Lets take head-on this issue from last week, too:-
>
;-)
After reading your lengthy post, I want to keep it simple instead with
my reply. As a first step I don't believe we MUST have identity
verification (which will be desirable as an extension in the future),
but a way to keep rough IDPs from operating. A first step has been done
here: http://openid.net/wiki/index.php/Reputation
So I believe in the concept of whitelists and have IDPs go through some
verification process. The extend of this process and what it would
include has to be discussed obviously, but I really would like to see to
take this one step further and form such a body (starting with
discussions about how this body should operate and function first, its
(perhaps simple) constitution and mission, who staffs it etc. etc.).
At last, the standard should provide an extension to enable such a
lookup of verified IDPs (online). The libraries may implement this
extension and should be easy configurable with some yes/no flag (require
verified IDP).
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070715/52ccb98d/attachment-0002.htm>
More information about the general
mailing list