Attestation

Johannes Ernst jernst+openid.net at netmesh.us
Thu Apr 5 16:13:52 UTC 2007


There seem to be at least two variations of attestation if we  
differentiate by how quickly the underlying statement (claim, ...)  
may change. E.g.

1. long-term: X is a citizen of country Y. If it changes at all, it  
takes years.
2. short-term: X is in the same room with me. It changes minute by  
minute.

In the first case, we can do things like sign a claim and show that  
signed claim every time somebody asks. In the second, we might have  
to ask the asserting party in real time?



On Apr 5, 2007, at 7:33, McGovern, James F ((HTSC, IT)) wrote:

> The term attestation has a distinct legal meaning but within an IT  
> context may be used interchangeably with the notion of certification  
> or periodic review. There are of course several levels of  
> attestation. I propose that minimally OpenID incorporate the first  
> notion where someone certifies you are who you say you are.
>
> In an enterprise environment, a manager may attest that a  
> particular employee is still employed by them. In a user-centric  
> world, if we could have the ability to digitally "sign" either a  
> managed-card (in an enterprise setting) or across providers in a  
> user setting along with capturing transactional attributes such as  
> when it was signed, how long is this signature good for, the  
> ability to revoke, etc., we should be covered.
>
> Finally, an attestor should be able to choose from an enumeration  
> of relationships such as spouse, manager/employer, service provider/ 
> customer, etc.
>
> What would it take to change the OpenID XML to incorporate?

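Added example, not part of the original thread: a sketch of the two cases discussed above, where a long-term claim is signed once and replayed while a short-term claim expires quickly and sends the verifier back to the attester. The field names, the demo key, the revocation set and the use of HMAC as a stand-in for the attester's digital signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with a demo key stands in for the attester's digital
# signature so the sketch needs only the standard library.
ATTESTER_KEY = b"constructed-demo-key"

def _mac(body: dict) -> str:
    # Canonical JSON so attester and verifier authenticate identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ATTESTER_KEY, payload, hashlib.sha256).hexdigest()

def attest(subject, claim, issued_at, valid_for):
    """Attester side: bind the claim to when it was signed and how long it is good for."""
    body = {"sub": subject, "claim": claim, "iat": issued_at, "ttl": valid_for}
    return {"body": body, "sig": _mac(body)}

def check(att, now, revoked=frozenset()):
    """Verifier side: 'valid', or the reason to reject or go back to the attester."""
    body = att["body"]
    if not hmac.compare_digest(att["sig"], _mac(body)):
        return "bad-signature"
    # Hypothetical revocation list published by the attester.
    if att["sig"] in revoked:
        return "revoked"
    # Outside the validity window the stored claim proves nothing about "now".
    if not body["iat"] <= now < body["iat"] + body["ttl"]:
        return "stale-ask-attester"
    return "valid"

YEAR = 365 * 24 * 3600
T0 = 1175789632  # constructed timestamp

# Long-term claim: signed once, shown every time somebody asks.
citizen = attest("X", "citizen-of:Y", T0, 5 * YEAR)
# Short-term claim: the window is so small that it amounts to a real-time query.
same_room = attest("X", "same-room-as:me", T0, 60)

if __name__ == "__main__":
    print(check(citizen, T0 + YEAR))      # replayed a year later
    print(check(same_room, T0 + 3600))    # replayed an hour later
```

The validity window is the only thing that differs between the two cases; a verifier that ignores it would accept the one-hour-old "same room" claim as readily as the citizenship claim.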

