Attestation
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Apr 5 16:13:52 UTC 2007

There seem to be at least two variations of attestation if we
differentiate by how quickly the underlying statement (claim, ...)
may change. E.g.

1. long-term: X is a citizen of country Y. If it changes at all, it
takes years.
2. short-term: X is in the same room with me. It changes minute by
minute.

In the first case, we can do things like sign a claim and show that
signed claim every time somebody asks. In the second, we might have
to ask the asserting party in real time?

On Apr 5, 2007, at 7:33, McGovern, James F ((HTSC, IT)) wrote:
> The term attestation has a distinct legal meaning but within an IT
> context may be used interchangeably with the notion of certification
> or periodic review. There are of course several levels of
> attestation. I propose that minimally OpenID incorporate the first
> notion where someone certifies you are who you say you are.
>
> In an enterprise environment, a manager may attest that a
> particular employee is still employed by them. In a user-centric
> world, if we could have the ability to digitally "sign" either a
> managed-card (in an enterprise setting) or across providers in a
> user setting along with capturing transactional attributes such as
> when it was signed, how long is this signature good for, the
> ability to revoke, etc., we should be covered.
>
> Finally, an attestor should be able to choose from an enumeration
> of relationships such as spouse, manager/employer, service provider/
> customer, etc.
>
> What would it take to change the OpenID XML to incorporate?
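
The two cases in this thread, as an added example that is not code from either poster or from any OpenID specification: a signed claim carrying the signing time, a validity period and a revocable serial number, checked by a relying party. All names and values are hypothetical, and HMAC-SHA256 with a shared demo key stands in for the attestor's digital signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the attestor's signature.
ATTESTOR_KEY = b"constructed-demo-key"


def sign_attestation(attestor, statement, issued_at, ttl_seconds, serial):
    """Attestor side: bind the statement to when it was signed and how long it holds."""
    claim = {"attestor": attestor, "statement": statement, "serial": serial,
             "issued_at": issued_at, "expires_at": issued_at + ttl_seconds}
    payload = json.dumps(claim, sort_keys=True).encode()
    sig = hmac.new(ATTESTOR_KEY, payload, hashlib.sha256).hexdigest()
    return {"claim": claim, "sig": sig}


def verify_attestation(token, now, revoked_serials):
    """Relying-party side: 'valid', or the reason the token is rejected."""
    claim = token["claim"]
    payload = json.dumps(claim, sort_keys=True).encode()
    expected = hmac.new(ATTESTOR_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return "bad-signature"
    if claim["serial"] in revoked_serials:
        return "revoked"
    if not claim["issued_at"] <= now < claim["expires_at"]:
        return "expired"  # stale: the attestor has to be asked again
    return "valid"


def demo():
    t0 = 1_000_000  # constructed timestamp, in seconds
    hour, year = 3600, 365 * 24 * 3600
    citizen = sign_attestation("registrar", "X is a citizen of country Y", t0, year, 1)
    room = sign_attestation("me", "X is in the same room with me", t0, 60, 2)
    forged = {"claim": dict(citizen["claim"], statement="X is a citizen of country Z"),
              "sig": citizen["sig"]}
    return {
        "citizen_after_hour": verify_attestation(citizen, t0 + hour, set()),
        "room_after_30s": verify_attestation(room, t0 + 30, set()),
        "room_after_hour": verify_attestation(room, t0 + hour, set()),
        "citizen_revoked": verify_attestation(citizen, t0 + hour, {1}),
        "forged": verify_attestation(forged, t0 + hour, set()),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The long-lived claim can be shown repeatedly without contacting the attestor, while the short-lived one goes stale within a minute and forces a fresh request, and the revocation check still needs a current revocation list from the attestor.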