[OpenID] Trust + Security @ OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Jul 16 08:18:54 UTC 2007
Errr...isn't this supposed to be a "white list server"? I mean, are you
having a black list of "bad" IDPs or are you registering "good" IDPs in
this list? Whatever the choice, under which criteria are you listing
either one on your list?
Dmitry Shechtman wrote:
>
> I must admit that I haven’t been closely following this discussion, so
> please forgive me if I missed something.
>
>
>
> I started working on an OpenID blacklist server. This is how I
> envision it:
>
>
>
> 1. Anybody can register an RP and get an API key.
> 2. A registered RP may query any OpenID identifier as follows:
>
>
>
> http://openidbl.com/query?openid_identifier=${openid_identifier}&api_key=${api_key}
> <http://openidbl.com/query?openid_identifier=$%7bopenid_identifier%7d&api_key=$%7bapi_key%7d>
>
>
>
> 3. The blacklist server responds with a simple yes/no.
> 4. The RP caches the response (according to the local policy).
>
>
>
> Thoughts?
>
>
>
>
>
> Regards,
>
> Dmitry
>
> =damnian
>
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070716/ec175ca7/attachment-0002.htm>
More information about the general
mailing list