[OpenID] Laws of id, openid with ssl

Peter Williams pwilliams at rapattoni.com
Thu Jan 24 01:46:21 UTC 2008


Ok. I broke down and bought a cardspace book that forces me to study the laws of identity. After 15 years at this identity game (and 800 million payment smart/magstripe cards, 7 million dod cac cards, who knows how many verisign digitalids and yet a mere 100K saml idps) there is still space to learn what actually works in B2B and B2C identity systems on the net. To be fair to msft, I don't have 800 million hotmail accounts to deal with!

Ok openid2 is law compliant. 

But, is it? Now that it requires https?

Law 1: consent. Well! Nothing in openid ensures my consent was required to release my referrer url or ip address.

Law 2: constraint. I feel good about openid on that score, unless it's the ajax mode. In ajax mode, it's the implementor who decides whether to comply with 2.

Law 3: justifiable involvement. Harumph! Every interaction between me, my op and the rp is subject to verisign involvement (both in dns monitoring and the crl/ocsp check that comes with modern ssl, by default). Mid openid flow, I don't even know that saic/verisign was doing ocsp trap/trace (courtesy msft cryptoapi). Hmm.

Law 4: directed identity. Enough said. The mission of uci is contrary to this law? Surely? Uci thesis essentially denies the legitimacy of the notion of private identities.

Law 5: feel good on this, except for the term channel. Me and the occult never got on well. Still don't understand this law, in terms of channelling. Sounds like a post WWI concept addressing identity loss.

Law 6: in the case of cardspace (and its use of trusted windows desktops) I feel good. Openid without infocard support seems lacking. Fortunately, skip have been working precisely on that area...

Law 7: consistency. Hmm here I worry. Put a cmw machine on trusted solaris, I somehow doubt the window manager will behave as it does in civilian windows when petitioning for an infocard.

-----Original Message-----
From: David Recordon <drecordon at sixapart.com>
Sent: Tuesday, January 22, 2008 10:18 AM
To: tom <tom at barnraiser.org>
Cc: OpenID List <general at openid.net>
Subject: Re: [OpenID] Plaxo contact?

Hey Tom,
You should drop joseph at plaxo.com an email.

--David

On Jan 22, 2008, at 7:19 AM, tom wrote:

> Hi all,
>
> We have a problem authenticating with Plaxo using our OpenID OP  
> script.
> Is there anyone on list from Plaxo that can help us fix a signature
> error from plaxo.com? If so, please email me and I'll write a detailed
> error description for you.
>
> Thanks
>
> tom
>
> -- 
> Tom Calthrop
> Founding director, Barnraiser.
>
> Dedicated to giving people the tools they need to share
> knowledge and advance society through social software.
>
> Web site: http://www.barnraiser.org/
> OpenID: http://tom.calthrop.info/
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
