Attestation

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Apr 5 16:23:25 UTC 2007


I believe that specifying an arbitrary time is the better way to go as
it puts the work into the hands of the user. Otherwise, you would go
down a rathole in that a provider otherwise may then require the ability
to express a policy against it.

Message: 6
Date: Thu, 05 Apr 2007 09:16:20 -0700
From: Brian Hernacki <brian_hernacki at symantec.com>
Subject: Re: Attestation
To: OpenID specs list <specs at openid.net>
Message-ID: <C23A6EE4.647%brian_hernacki at symantec.com>
Content-Type: text/plain; charset="us-ascii"

It would seem preferable for the verifier to simply specify an arbitrary
period of validity at the time of signing as there are likely to be more
than just two cases.

--brian


On 4/5/07 9:13 AM, "Johannes Ernst" <jernst+openid.net at netmesh.us>
wrote:

> There seem to be at least two variations of attestation if we
> differentiate by how quickly the underlying statement (claim, ...)
> may change. E.g.
> 
> 1. long-term: X is a citizen of country Y. If it changes at all, it
> takes years.
> 2. short-term: X is in the same room with me. It changes minute by
> minute.
> 
> In the first case, we can do things like sign a claim and show that
> signed claim every time somebody asks. In the second, we might have
> to ask the asserting party in real time?


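The signer-chosen validity period discussed in this thread, shown as an added example that is not part of the original messages. The function names, claim fields, timestamp and key are assumptions, and HMAC with a constructed key stands in for whatever signature scheme the asserting party actually uses.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stand-in for the asserting party's real
# signature scheme, which the thread does not specify.
DEMO_KEY = b"constructed-demo-key"


def _mac(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_claim(statement: str, issued_at: int, valid_for: int, key: bytes = DEMO_KEY) -> dict:
    """Sign a statement with a validity period chosen at signing time."""
    if valid_for <= 0:
        raise ValueError("validity period must be positive")
    body = {"statement": statement, "issued_at": issued_at,
            "expires_at": issued_at + valid_for}
    # The expiry is inside the signed payload, so it cannot be extended later.
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": _mac(payload, key)}


def verify_claim(claim: dict, now: int, key: bytes = DEMO_KEY) -> str:
    """Return 'valid', 'bad-signature', 'not-yet-valid' or 'expired'."""
    payload = json.dumps(claim["body"], sort_keys=True).encode()
    if not hmac.compare_digest(_mac(payload, key), claim["sig"]):
        return "bad-signature"
    body = claim["body"]
    if now < body["issued_at"]:
        return "not-yet-valid"
    if now >= body["expires_at"]:
        return "expired"
    return "valid"


# Constructed sample claims: the two cases from the quoted message.
T0 = 1175789780  # constructed timestamp (seconds since the epoch)
YEAR, MINUTE = 365 * 24 * 3600, 60
citizen = sign_claim("X is a citizen of country Y", T0, 5 * YEAR)
same_room = sign_claim("X is in the same room with me", T0, 2 * MINUTE)

if __name__ == "__main__":
    for label, c in (("citizen", citizen), ("same_room", same_room)):
        print(label, verify_claim(c, T0 + 10 * MINUTE))
```

With one mechanism the long-term claim can be replayed for years, while the short-term claim lapses after two minutes and the relying party has to go back to the asserting party for a fresh one.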



