[OpenID] Trust + Security @ OpenID

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sun Jul 15 22:04:50 UTC 2007


Hi Simon,

Simon Willison wrote:
> I believe in the concept of whitelists, although at the level of
> individual OpenIDs rather than providers:
>
> http://simonwillison.net/2007/Jan/22/whitelisting/
>   
Interesting, but it's not what I envision really... But seeing the 
various efforts around black/whitelisting shows that there is a real 
problem and a real need for a standardized solution! Even you think 
that you have to have some protection ;-)
> More generally, any body that operates a whitelist should (and I
> believe must) exist as a separate entity from the core OpenID effort.
>   
I agree, so this effort can grow from within the current OpenID 
community. This is what I'm trying to achieve with this discussion. I 
imagine that the verifying body/foundation would be staffed by members 
from this community, hopefully with some of the core members and leaders 
present at the board (or whatever its setup).
> OpenID supports this already - if someone wants to set up this effort
> right now there's nothing to stop them from doing so, and they can
> build it on the existing 1.1 specification. 
OK, how exactly should this be implemented?
> This also maintains
> OpenID's decentralised nature - there can be one provider whitelist
> effort or many, the spec has nothing to say on the matter.
>   
Errr... I'd like to have a standardized way to hook in a provider 
verification lookup or something along these lines...
> Personally, I plan to have my applications accept any and all OpenIDs,
> even ones from providers such as www.jkg.in/openid which I know to
> allow any user to authenticate any OpenID. If my users wish to give
> away their accounts then that's their business.
>   
Sure, I think you'll be free to do that also in the future, but the 
other ones preferring some verification level of the IDPs can choose to 
use it too... I guess that this is pretty much along the lines of 
OpenID's goals and nature...

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      startcom at startcom.org
Phone:       +1.213.341.0390