[OpenID] Trust + Security @ OpenID
Meng Weng Wong
mengwong at pobox.com
Tue Jul 17 18:55:42 UTC 2007
On Jul 17, 2007, at 6:43 PM, Chris Obdam wrote:
> There is no public black/whitelist of OpenID providers already?
i'm building one, but i was waiting for this thread to conclude
before i announced it. i am extracting requirements and design
principles from this thread. i will post my summary on the wiki, and
then connect any consensus that arises, to my white/blacklist
implementation.
On 16-jul-2007, at 18:06, Scott Kveton wrote:
>>
>> Email has had this problem for years and the solution was the
>> creation
>> of real-time blackhole lists (RBL's). I've used these for years and
>> have been so thankful they exist. However, they are not without
>> their
>> problems. Liability and litigation have caused all sorts of problems
>> for RBL's ... apply this to identity and the legal minefield gets
>> that
>> much more crowded.
there are lessons to be learned from email; i'd like to think that we
can do better. i don't want to repeat the RBL approach if we can
help it. while the perfect is the enemy of the good, "worse is
better" doesn't have to be "worst is best".
we have a chance to get it right from the start. please, let's try.
if it doesn't work we can at least say we tried.
some time ago i went into Cassandra mode and wrote:
http://mengwong.livejournal.com/3479.html
so you can see where i'm coming from.
More information about the general
mailing list