[OpenID] Laws of id, openid with ssl

Gabe Wachob gwachob at wachob.com
Thu Jan 24 22:30:28 UTC 2008 

Peter-
   I've pointed this out too (having been at Visa until relatively recently,
and having done work on 3-D Secure in the last two years). The real tragedy
was that the 3-D Secure protocol and all the implementation details were
behind a wall of non-disclosure and licensing (for no particularly good
reason, as far as I could tell - maybe some patent issues - I don't open).
   Just another reason why *Open*ID will win over closed protocols like 3-D
secure in the end, I think - even if OpenID has to deal with the lack of a
managed risk model "out of the box".

     -Gabe

On Jan 24, 2008 1:15 PM, Peter Williams <pwilliams at rapattoni.com> wrote:

>
> PS The flow I outlined seems very little different to how
> Visa/Mastercard's financial webSSO works (in the 1997-era 3dsecure
> standards), where virtual and/or use-once PANs (visa card numbers) could be
> manufactured by the various merchant/acquirer gateways (acting as asserting
> parties), for consumption by particular communities of merchants subscribing
> to particular "managed risk models" - ultimately serviced by VISANet.
>
>
>
> ________________________________
>
> From: Drummond Reed [mailto:drummond.reed at cordance.net]
> Sent: Thu 1/24/2008 12:19 PM
> To: Peter Williams; 'OpenID List'
> Subject: RE: [OpenID] Laws of id, openid with ssl
>
>
>
> > Peter Williams wrote:
> > Law 4:directed identity. Enough said. The mission of uci is contrary to
> > this law? Surely? Uci thesis essentially denies the legitinmacy of the
> > notion of private identities.
>
> Peter, the directed identity feature in OpenID 2.0 fully supports directed
> identity. Thus I would not say the "user-centric identity thesis" denies
> the
> legitimacy of the notion of private identities at all. Rather user-centric
> identity means the user is in control of the identifiers. As of OpenID 2.0
> ,
> a user can have two types of user-centric identifiers: public identifiers
> (what Law 4 calls "omnidirectional identifiers") that can be shared
> publicly, and private identifiers (what Law 4 calls "directional
> identifiers") which are not intended to be shared publicly.
>
> =Drummond
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>



-- 
Gabe Wachob / gwachob at wachob.com \ http://blog.wachob.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080124/ba73a74b/attachment-0002.htm>

More information about the general mailing list