[OpenID] Trust + Security @ OpenID
Scott Kveton
scott at kveton.com
Mon Jul 16 16:06:51 UTC 2007
> @Scott: You can support a centralized list of certified OpenID
> servers, as long as it isn't part of the OpenID foundation? :-)
Email has had this problem for years and the solution was the creation
of real-time blackhole lists (RBL's). I've used these for years and
have been so thankful they exist. However, they are not without their
problems. Liability and litigation have caused all sorts of problems
for RBL's ... apply this to identity and the legal minefield gets that
much more crowded.
So, my stupidly long-winded response to your question is this; I'll
personally use a centralized list of "trusted" (<- in quotes because
its a fully-loaded word) OpenID providers if it exists but I don't
believe that the OpenID Foundation should advocate, sponsor, implement
or specifically support any one.
- Scott
More information about the general
mailing list