[OpenID] Trust + Security @ OpenID

Andrew Tomlinson adt at cannontomlinsonbyrne.com
Fri Jul 20 10:16:15 UTC 2007 

In the end no technology is going to stop people saying things that are
untrue. Stopping this is a going to be a job for the courts. When somebody
says something untrue for personal gain it is fraud.
 
So for the whitelist/blacklist let people assert (non)compliance, you verify
as far as reasonable, you solicit dispute claims for untrue assertions, you
have terms and conditions which give a legal framework for
compensation/damages (or simply disclaim them).
 
So in the end the trusting party can only place an amount of trust in a
whitelist/blacklist equal to the level of legal protection plus any 'gut
feeling' aspects of how well they think the whitelist/blacklist is operated.
 
I think the situation is very similar to SMTP RBL. If you look at the amount
of legal claims MAPS have had to deal with you see the importance of a solid
legal framework!
 
Andrew
 
  _____  

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: 19 July 2007 18:31
To: Brendan Taylor; general at openid.net
Subject: Re: [OpenID] Trust + Security @ OpenID


Hi Brendan,

Brendan Taylor wrote: 



How will you verify that I'm using the authentication method I claim I am?

Since no such body yet exists nor any discussion has been taken place at all
on how it should function (foundation, board, staff, volunteers, mission,
rules etc), I guess this is somewhat premature. Obviously those are all
decisions which would have to be defined in a verification policy or
guideline. But to answer the question, one method could be, by simply
accessing the system by a representative  or volunteer and requesting an
account. It might be that from time to time such a check will be randomly
repeated perhaps?

Ideas for verification methods of the various bits could be interesting!



-- 

Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      startcom at startcom.org
Phone:       +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070720/dad3183b/attachment-0002.htm>

More information about the general mailing list