OpenID 3.0

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Fri Feb 1 16:25:23 UTC 2008


Figured I would ask if anyone is interested in brainstorming the next
version of OpenID and how it can be used in Enterprise B2B settings and
not solely focusing on consumerish interactions. Some things that I
would like to see in the next version are:

1. A discussion on how AuthZ can converge with OpenID
2. Modeling of relationships
3. Not allowing an OpenID to be a vector for SQL Injection and putting
something around what it should look like
4. A way to indicate to the relying party what level of authentication
has occurred such as did the OP check a password, how did it validate a
user. Without this, there is no way that a trust model could be
established in a credible way.
5. A way for OpenID relying parties to filter out OPs. In a business
scenario, if I run the Sun employee store, I may only want the Sun OP to
talk with me.


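An added example, not part of the original message, of how a relying party can address items 3 and 5 today using the OpenID 2.0 response fields `openid.claimed_id` and `openid.op_endpoint`: accept assertions only from an allowlisted OP, constrain what an identifier may look like, and pass it to SQL only as a bound parameter. The endpoint URL, length limit, character policy and `accounts` table are assumptions, XRI identifiers are deliberately rejected, and the assertion's signature is assumed to have been verified already by the OpenID library.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumption: this relying party accepts exactly one OP endpoint (placeholder URL).
ALLOWED_OP_ENDPOINTS = {"https://op.example.com/openid"}
MAX_IDENTIFIER_LEN = 255  # assumed local limit, not taken from any specification


def check_identifier(claimed_id):
    """Accept only http(s) URL identifiers with a host (conservative local policy)."""
    if not claimed_id or len(claimed_id) > MAX_IDENTIFIER_LEN:
        return False
    # Reject whitespace, control characters and quoting characters outright.
    if any(ch.isspace() or ord(ch) < 0x20 or ch in "'\"<>\\" for ch in claimed_id):
        return False
    try:
        parts = urlsplit(claimed_id)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def accept_assertion(db, params):
    """Return the local account id for a positive assertion, or None.

    Assumes the signature on `params` has already been verified.
    """
    if params.get("openid.op_endpoint") not in ALLOWED_OP_ENDPOINTS:
        return None  # item 5: assertion comes from an OP this RP does not accept
    claimed_id = params.get("openid.claimed_id", "")
    if not check_identifier(claimed_id):
        return None  # item 3: value does not look like an identifier
    # Bound parameter: the identifier is data, never part of the SQL text.
    row = db.execute(
        "SELECT id FROM accounts WHERE claimed_id = ?", (claimed_id,)
    ).fetchone()
    return row[0] if row else None


def demo_db():
    """Build an in-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, claimed_id TEXT UNIQUE)")
    db.execute("INSERT INTO accounts (claimed_id) VALUES (?)",
               ("https://op.example.com/users/alice",))
    return db
```

The syntax check is defence in depth; the bound parameter is what keeps a hostile identifier from being interpreted as SQL even if the check is loosened later.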