[OpenID] OAuth SPs don't have to be your OpenID OP

santrajan santrajan at gmail.com
Sat Apr 4 05:06:52 UTC 2009

The point is was making is that OpenID need not try to solve all the problems
of the world. Wether we like it or not RP's are going to decide who they are
going trust.

Andrew Arnott wrote:
>> The problem is that we are not considering one aspect of the internet we
>> have
>> seen over the years. The internet has an uncanny ability to sort out
>> trust
>> issues on it own. Users learn which RP's to trust. Rp's learn which OP's
>> to
>> trust. Maybe we should factor this into the thinking and move on instead
>> of
>> getting bogged down by trust issues.
> Wow.  Coming from someone who's been complaining that OpenID doesn't
> provide
> a way for RP's to skip email verification because they can't trust OPs,
> I'm
> amazed to hear you suggest we skip over worrying about solving the trust
> problem.  How do you think the Internet "sort out trust issues on its
> own?"
>  SSL cert verification didn't just happen.  Trust layers have to be
> conceived, standardized, and implemented to be very useful.  Yes, an RP
> today can decide to trust an OP "on its own", but there are many other
> scenarios we haven't discussed recently that can only be enabled if
> infrastructure-assisted trust relationships is created.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

View this message in context: http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22880107.html
Sent from the OpenID - General mailing list archive at Nabble.com.

More information about the general mailing list