<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16441" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=225074513-18052007>I am new here so
apologies if I am retracing old ground... caught the tail of this thread and it
seems to me a</SPAN></FONT><FONT face=Arial size=2><SPAN
class=225074513-18052007> "secure certification model" can mean a variety of
things and not all of them are useless.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=225074513-18052007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=225074513-18052007>OpenID is newsworthy
here in the UK with the BBC picking up a couple of stories, but there is no call
to action. It is very much "ooh look - interesting technology coming up". This
needs to be converted to "here is a technology which can be used right now and
go to this place to use it today". </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=225074513-18052007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=225074513-18052007>Some form of logo
scheme could help with to link in and jump off to where it can be used. Some
bureaucracy to get this up and running might yield faster uptake and help get a
critical mass.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=225074513-18052007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=225074513-18052007>The other area that
worries me is standards compliance. With 2.0 on the way the challenge of
distinguishing which features will work where and what it all means.
Logos could help here too... (cf HTML Verified logos)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=225074513-18052007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=225074513-18052007>Trust of the
IdP/RP is a hard problem OpenID isn't designed to solve. Phishability of
the IdP is also omitted so it can't even be said that IdPs are "secure" just by
implementing the standard. However, a</SPAN></FONT><FONT face=Arial size=2><SPAN
class=225074513-18052007>iding compliance and uptake of OpenID as-is
is another issue where inroads can be made.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=225074513-18052007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=225074513-18052007>Andrew
Tomlinson</SPAN></FONT></DIV></BODY></HTML>