OpenID security
Hans Granqvist
hgranqvist at verisign.com
Wed Oct 25 00:44:27 UTC 2006
Eddy Nigg (StartCom Ltd.) wrote:
> Hans Granqvist wrote:
>> Depends on what people on the list want. How about you?
> A. It's not complete
What is missing? (Please don't respond with the sections that
are already specified as TBD.)
> B. It has a geeky approach (which is really OK), but I'd prefer a clear
> cut model of security defined, i.e. only options which define certain
> levels, but not unsecured ones
I don't understand. Can you give an example on what you'd expect?
I want these profiles to be usable.
> ...
> defines the options: the IDP or the RP? If only the IDP decides on that,
> then this might be OK, since the IDP can advertise, that he is running
> only in secure mode...making others less attractive....
Both the IDP and the RP can advertise adherence to specific profiles.
>
> --
> Regards
>
> Signer: Eddy Nigg, StartCom Ltd.
> Phone: +1.213.341.0390
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list