backchannel/endpoint URLs, desired attributes

Breno de Medeiros breno at google.com
Fri Dec 18 22:48:48 UTC 2009


Dick,


On Fri, Dec 18, 2009 at 1:54 PM, Dick Hardt <Dick.Hardt at microsoft.com> wrote:

> One of my objectives with OpenID was that the OP was *only*
> authoritative about the user's OpenID -- not anything else.
>
> Other attributes would ideally be asserted by parties that are already
> trusted to make those assertions. The OP would be the clearing house for
> those verified attributes, but would not be the authority. For example, I
> may get a claim from the government binding my OpenID to my name and date of
> birth. I could then present that claim along with my OpenID to an RP. If
> they trust the government (or whichever entity generated the claim), then
> they have "confidence" in my name and date of birth.
>
>
I think few would dispute that if we had the techniques and tools and
library support to make this work well and widely, it would be A Good Thing.

The devil is in the details. We would need to spec how to make and sign such
claims, how to find out who is authoritative for a particular type of claim,
have key management and revocation for claim issuers, etc.

There is an increasing recognition of the value in tackling this. But so far
I have not heard enough in the OIDF mailing lists to sense the level of
commitment that would be necessary to push such work through.
The European Union has been sponsoring an effort to build such an
infrastructure, but it's not clear at this point if/when it will be
available or if it will be suitable for the consumer web ecosystem at all.

-- 
--Breno