[OpenID] Trust + Security @ OpenID

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Jul 16 20:17:43 UTC 2007


Hi Jason,

Jason Salaz wrote:
>
> That's a great way to shut out everyone that isn't an enterprise.
Why? That's not the way I presented it at all...you don't have to be an 
enterprise in order to run an IDP service, do you?
> It's a great theory, but it'll never work in practice.
>
> I will never EVER submit my domain to be "approved" in order for RPs
> to take my auth.
You meant your IDP service? But you don't have to, nobody can force this 
upon anybody...
>
> This is a very sticky subject, blocking illegitimate and legitimate,
> but there is one thing I know for sure;
> If you require people to have their IdP validated before the majority
> RPs will allow them to auth, you will have single-handedly KILLED
> OpenID.
I don't believe so...Perhaps you should read exactly what I posted right 
from the beginning! You register to various places today without even 
thinking twice...you register to forums, to blogs, to PayPal, to eBay, 
to many wikis....an endless list. So why are you afraid to register your 
IDP service?

Personally I believe it will strengthen OpenID and accelerate adoption 
of OpenID by RPs! It will take the attack vector away from OpenID and 
make it more secure. If reasonably applied I will see this as a 
breakthrough for OpenID over similar concepts!
>
> Centralizing any aspect of a decentralized system is a very very BAD
> idea. Especially centralizing the part that OpenID decentralized in
> the first place.
Nothing will change in the concept, IDPs will operate decentralized and 
freely as always.

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      startcom at startcom.org
Phone:       +1.213.341.0390