XACML

Fen Labalme fen at 2idi.com
Wed Dec 12 05:32:18 UTC 2007


Hi James -

I appreciate your questions and look forward to the adoption of an
identity system that provides the capabilities needed for
reputation-based, trusted computing platforms of the future.

<rant>
I've been looking at identity from the XRI/i-names point of view, which
offers enhanced security options and better trust foundations - both
needed for rock-solid reputation systems.  It's heresy to say this
(especially on this list) but in my opinion, OpenID is not the right
base technology.  It's a nice start and very smart people have been
enhancing the platform with better security, service discovery and
attribute exchange.  But XRI supported all that from the get-go, as well
as local community creation, solid and arbitrarily complex data
interchange, OpenPrivacy-style nyms for enhanced data sharing with
privacy, and much more.  If you are required to trust someone (even
DNS!) to use an identity system, well, I think a user-centric digital
identity should empower the user to choose who they want to trust.

XACML theoretically melds with XRI/XDI cleanly, though little work has
been done in this direction.  The XDI data interchange language is
(usually) modeled using RDF where relationships are key.  WRT
attestation, I'm gravely concerned about the way TPM modules are
generally considered - I'd much rather they were based on an open
standard to enable people to choose who they trust, be it Intel,
Microsoft, the Free Software Foundation or their local church.  Some
preliminary work has been done in the XRI/XDI communities to create such
an open standard.
</rant>

Anyway, OpenID has got a huge head start, but I would suggest
considering XRI in your search of the field.

=Fen



Nat Sakimura wrote:
> Hi James,
>
> I am definitely interested in something like that.
> It has been a long standing ToDo for me, though
> currently, my focus is more on the reputation side
> because I need it now for an implementation that we are
> doing now (for enterprise use).
>
> Nat
>
> Bill Washburn wrote:
>
>> Hi James--
>>
>> Thanks for your note.  The OpenID community, made up of a considerable 
>> and growing number of developers, website operators, enterprises large 
>> and small, and of course end-users, cannot be spoken for by me alone or 
>> by the OpenID Foundation Board in any seriously comprehensive way.  Of 
>> course there are members of the community who have already developed and 
>> are working assiduously now to provide added functionality supporting 
>> and serving enterprise specific requirements.
>>
>> Having said that, I'm fully focused these days on membership and 
>> organizational efforts for OpenID Foundation and I'm not the right 
>> person to recommend names of individuals engaged in specific efforts to 
>> support XACML, relationship modeling, and so forth.  I'm certain 
>> individuals on the specs list will be able to address your substantive 
>> information request.
>>
>>  From the Foundation's perspective, however, I would certainly 
>> appreciate the chance to talk with you about The Hartford company taking 
>> the step of becoming a pioneering member of the OpenID community from 
>> the insurance world.  I hope we'll have the opportunity to talk soon.
>>
>> Thanks again for your inquiry.
>>
>> cheers,
>> -bill
>>
>> Bill Washburn
>> Executive Director
>> OpenID Foundation
>> +1 707 545 4823 (office)
>> +1 650 248 6113 (cell)
>>
>>
>> On Dec 11, 2007 9:31 AM, McGovern, James F (HTSC, IT) <James.McGovern at thehartford.com> wrote:
>>
>>     OpenID 2.0 seems to have closed major security gaps and is usable in a
>>     consumer context. Are there plans to figure out how to add functionality
>>     to the next version of OpenID to support more enterprise considerations
>>     including support for XACML, modeling of relationships, attestation, etc.,
>>     or is the focus of participants here strictly consumer oriented?
>>
>>     _______________________________________________
>>     specs mailing list
>>     specs at openid.net
>>     http://openid.net/mailman/listinfo/specs