[OpenID] Trust + Security @ OpenID

Dmitry Shechtman damnian at gmail.com
Mon Jul 16 09:52:21 UTC 2007


Eddy,

Thank you for your comments.

> First of all, I believe that a list of IDPs which conform to a certain
> standard and criteria is way more effective than a black list of rough IDPs
> for reasons we all know.

I'll have to disagree. E.g. although MyOpenID.com is generally known as
trustworthy (it even has client certificates), nothing would prevent a
spammer from manually registering an account with MyOpenID.com to use it to
automatically post everywhere.

> Second, there needs to be a defined policy and criteria and not
> "Identifiers issued by http://www.jkg.in/openid/ will definitely be there".
> Or in other words, what makes an IDP worthy to be used by default for 99%
> of the relying parties? How do we protect OpenID, its RPs and effectively
> also all other end users...?

Well, if such a policy and/or criteria could be easily defined (and widely
adopted), there would be no need for a central black/white list.

> Third, OpenID isn't yet adopted widely, but already there are various black
> and white lists and other efforts cruising around....

Are there? In that case, I should stop working on mine.

> Wouldn't it be better to create one combined effort by the community with
> clear policies and definitions? I'm not saying that your efforts are
> useless, but isn't this the wrong direction? Is this the result of the
> unwillingness of the OpenID leaders (notably the people listed here:
> http://openid.net/wiki/index.php/OpenID_Foundation/Board ) to address it?

If you believe my efforts are going in the wrong direction, please by all
means elaborate on what you see as the right one. As I already mentioned in
previous discussions, I believe the OpenID Foundation shouldn't be in charge
of a central black/white list. I completely agree with the board's
(in)decision, as it helps keep OpenID as decentralized as possible.

Regards,

Dmitry

=damnian

 
