Server-to-server channel

Johannes Ernst jernst+openid.net at netmesh.us
Thu Apr 5 04:56:37 UTC 2007


This was, of course, the original LID design, and you are presenting  
the rationale for it.

See http://lid.netmesh.org/


On Apr 4, 2007, at 20:59, Chris Drake wrote:

> Thursday, April 5, 2007, 5:43:02 AM, you wrote:
>
> [snip]
>
> DO> How these keys are handled internally could be left to the
> DO> consumer or RP.
>
> [snip]
>
> This sounds like another *strong* use-case for updating the OpenID
> protocol to allow transactions to take place when the user is not
> present.
>
> I am not likely to be present when people relying upon my certificates
> choose to verify signatures, check for revocation, or attempt to
> encrypt stuff destined for me.
>
> There needs to be a way for the RP to contact my OP and get access to
> my information (e.g. my current public key and revocation list) - by my
> explicit prior consent of course.
>
> I believe it's entirely unreasonable, and privacy-invasive, and
> identity-theft-dangering, to expect every RP out there to have to
> cache a copy of all my credentials, and for me or my OP to have to
> propagate any changes/updates/addition etc out to them all.  Keeping
> all my info in one place solves this - only if the RPs can get what
> they want, *when* they want, which can't be done without
> server-to-server means.
>
> Chris.
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
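The mechanism Chris argues for above (an RP fetching a user's current key and revocation list from the OP while the user is absent, on the strength of consent given earlier) can be sketched in code. The block below is an added illustration written for this page; it is not code from the thread, from LID, or from any OpenID specification, and every name in it (OpenIDProvider, grant_consent, fetch_credentials, the "chris" / "rp.example" identifiers and the "KEY-v1" placeholders) is invented here. It shows the two properties the argument rests on: a key rotation done once at the OP is seen by the RP on its next fetch without any push, and withdrawing consent immediately closes the server-to-server channel.

```python
"""Illustrative sketch (not from the thread, not LID or OpenID code) of the
server-to-server fetch described above: an OP holds a user's current public
key and revocation list, the user grants an RP prior consent, and the RP
fetches the material when it needs it, with no user present.  All class,
function and identifier names here are assumptions made for the example."""
import hmac
import secrets
from dataclasses import dataclass, field


class ConsentError(Exception):
    """Raised when an RP presents no valid prior-consent grant."""


@dataclass
class UserRecord:
    public_key: str                                    # current key, e.g. PEM text
    revoked_keys: list = field(default_factory=list)   # revocation list
    grants: dict = field(default_factory=dict)         # rp_id -> opaque bearer grant


class OpenIDProvider:
    """Toy OP: keeps each user's key material in one place and answers
    server-to-server requests only from RPs the user explicitly authorised."""

    def __init__(self):
        self.users = {}

    def register(self, user_id, public_key):
        self.users[user_id] = UserRecord(public_key=public_key)

    def grant_consent(self, user_id, rp_id):
        """User-present step: mint an opaque grant that the RP stores and
        later presents.  Returns the token to hand to the RP."""
        token = secrets.token_urlsafe(32)
        self.users[user_id].grants[rp_id] = token
        return token

    def revoke_consent(self, user_id, rp_id):
        """User-present step: withdraw an RP's standing access."""
        self.users[user_id].grants.pop(rp_id, None)

    def rotate_key(self, user_id, new_public_key):
        """User-present step: the old key goes on the revocation list.  No
        RP has to be notified, because RPs fetch on demand."""
        rec = self.users[user_id]
        rec.revoked_keys.append(rec.public_key)
        rec.public_key = new_public_key

    def fetch_credentials(self, user_id, rp_id, token):
        """Server-to-server endpoint used while the user is absent."""
        rec = self.users.get(user_id)
        if rec is None:
            raise ConsentError("unknown user")
        expected = rec.grants.get(rp_id)
        # Constant-time comparison so a timing side channel cannot leak the grant.
        if expected is None or not hmac.compare_digest(expected, token):
            raise ConsentError(f"{rp_id} has no valid grant for {user_id}")
        return {"public_key": rec.public_key,
                "revoked_keys": list(rec.revoked_keys)}


def rp_verify_signature_key(op, user_id, rp_id, token, key_used):
    """RP-side check: is the key a signature claims to use the user's current,
    unrevoked key?  Fetched live from the OP rather than from a local cache."""
    creds = op.fetch_credentials(user_id, rp_id, token)
    if key_used in creds["revoked_keys"]:
        return "revoked"
    return "current" if key_used == creds["public_key"] else "unknown"


def demo():
    """Walk through grant, rotation and revocation; returns the four outcomes."""
    op = OpenIDProvider()
    op.register("chris", "KEY-v1")                    # constructed sample data
    tok = op.grant_consent("chris", "rp.example")     # prior consent, user present
    first = rp_verify_signature_key(op, "chris", "rp.example", tok, "KEY-v1")
    op.rotate_key("chris", "KEY-v2")                  # one update, in one place
    second = rp_verify_signature_key(op, "chris", "rp.example", tok, "KEY-v1")
    third = rp_verify_signature_key(op, "chris", "rp.example", tok, "KEY-v2")
    op.revoke_consent("chris", "rp.example")          # consent withdrawn
    try:
        op.fetch_credentials("chris", "rp.example", tok)
        fourth = "allowed"
    except ConsentError:
        fourth = "denied"
    return first, second, third, fourth


if __name__ == "__main__":
    print(demo())   # ('current', 'revoked', 'current', 'denied')
```

The grant here is a plain bearer token scoped to one RP; a real design would also bind it to the RP's own authenticated identity (for example a signature over the request) and record what the grant permits, so that a token leaked from one RP cannot be replayed by another.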



