Special Request: Client Certificates vs. OpenID

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Mon Jan 22 22:39:56 UTC 2007

My question was a little different than your response. I understand that Client Certificates can be used in addition to, but I was asking about documenting scenarios in blog entries where it could be used instead of. For example, if the Pharma SAFE (http://www.cybertrust.com/pr_events/press_releases/2005/03/29/) were to look at their problem space in 2007, would they have chosen client certificates?

-----Original Message-----
From: Alaric Dailey [mailto:alaricdailey at hotmail.com]
Sent: Monday, January 22, 2007 2:02 PM
To: McGovern, James F (HTSC, IT); specs at openid.net
Subject: RE: Special Request: Client Certificates vs. OpenID

Client certificates could easily be used to extend openID, and since (last
time I checked) the authentication process was entirely up to the IdP, a
client certificate based IdP should be open to be created. 

Most CAs have created a problem because they only allow a user to use their
certs (mostly because CAs don't all follow the same persona verification
standards, and to a lesser degree politics). Now, over at StartCom, Eddy has
created a system where users are allowed to register any certificate they
like to login, very much like the USPS has done for the "Electronic Post
