[OpenID - Eu] Mission Statement of OpenID Europe

Martin Paljak martin at paljak.pri.ee
Fri May 18 12:39:16 UTC 2007 

On 18.05.2007, at 15:00, Chris Obdam wrote:
> @Martin: But what can OEE do to make that happen?
Work together with related national and EU agencies to promote the  
'lightweight identity problem on the net and a solution called  
openid'. I do it in Estonia for example.

> What do you think of the part: "providing a secure certfication model
> for OpenID providers in Europe"
I don't believe in such things. This sounds like bureaucracy that  
doesn't really get us anywhere and before the label would start to  
mean anything to end users it is too late and/or not relevant any  
more. But if it existed - it wouldn't hurt of course.

> I mean by that: Creating a label which tells the OpenID user that the
> OpenID provider is safe.

Why or how should an OpenID provider be different from a web shop or  
an online payment provider? Hopefully nobody would consider non-SSL  
to be secure. Shouldn't the certification policy of 'security  
sellers' like Verisign (Hello David!) already make users rest assured  
that they are dealing with a good guy when they visit an OpenID  
provider using a ultra-checked certificate on the server side? Do  
users see the difference ? Do they buy the difference (well, they  
should see a green bar in IE, according to Microsoft) ? Does it  
really matter ?

There are already several entities like truste.org and friends that  
should equally apply to OpenID providers - and be equally useful or  
useless in that matter.

I think it is much more important to push the acceptance of the  
technology (how many *providers* we currently have vs how many  
*consumers* ?) and make people aware of the SSO problem with a very  
practical - and also secure - solution available *right now*. If the  
end users make smart choices in the beginning - and use and request  
support for OpenID - they would do them also later and would use  
secure providers. If they are dumb they remain dumb forever, no  
matter how hard you try. But having a lot of dumb users sitting on  
top of ultra-secure openid providers and nothing to do with them is  
not useful either.

Considering something safe is a matter of personal taste and  
opinions. I would not try to regulate that opinion or would re-use  
something that is known to raise the understanding of 'safe and  
secure' for users. In some countries government is highly trusted and  
anything that 'comes from federal or military systems' is considered  
'the best'. Some people don't trust their governments at all.

Some people trust banks. I do. In Estonia. I log on to internet banks  
using smart cards and have to sign (extra PIN) any transactions above  
~700€. In Spain I could register for a bank account via the internet,  
get a debit card via mail and online banking (I never used it myself)  
was a simple username and password pair... And my local colleagues  
called that bank 'a good and trusted bank'.

I think that is is very cool that OpenID does not talk about trust at  
all currently. You can't have uniform trust. That is the reason why  
'interoperable eID in Europe' is a big mess with no real idea what  
everybody are talking about. If we could push the idea that 'logging  
on could mean OpenID' and systems could be built where the 'who are  
you?' question is modeled as an URL in the system is already a very  
good start. Trust etc will follow if you have a universal playground.




>
> On 18-mei-2007, at 13:27, Martin Paljak wrote:
>
>> On 18.05.2007, at 14:02, Chris Obdam wrote:
>>> Promoting OpenID in Europe
>> ACK
>>
>>> and providing a secure certfication model for OpenID providers in
>>> Europe.
>>
>> I believe in cooperation and that OpenID itself is a good step but
>> not good enough to be 'the future'. I believe in strong
>> authentication and there's a lot of work already going on in this
>> field - eID cards etc. You might be interested in http://
>> www.comune.grosseto.it/interopeid/ and https://open.id.ee/about/
>> english.
>>
>> So instead of  creating a parallel universe 'for all things openid'
>> we should look how we could build upon the work already done by
>> many people.
>>
>> Greets,
>> "OpenID Estonia" or the pers on behind https://open.id.ee/about/
>> english
>>
>> -- 
>> Martin Paljak
>>
> _______________________________________________
> eu mailing list
> eu at openid.net
> http://openid.net/mailman/listinfo/eu

-- 
Martin Paljak

More information about the eu mailing list