[OpenID] OpenID + Certs

Recordon, David drecordon at verisign.com
Tue Apr 24 09:30:43 UTC 2007


I'd see this as something you could define within Attribute Exchange.
An attribute type for a cert...though I think certs would be one of a
few ways to exchange verified information.

--David

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Pat Cappelaere
Sent: Monday, April 23, 2007 5:19 PM
To: Pat Cappelaere; general at openid.net
Subject: Re: [OpenID] OpenID + Certs

Let me try to re-articulate my use-case better.

Let's imagine a site that has a lot of sensitive data that is not
generally released to the general public.  However, in case of national
emergency, this fictitious organization would be willing to exchange its
data to selected members of other trusted organizations for emergency
response (RedCross, Police, Fire Fighters...)

OpenID seems to be a nice way to define a web persona but also a
corporate persona.  Some OpenID providers are starting to use certs
(https://certifi.ca, https://prooveme.com/...)

So I was thinking about getting access to that validated cert as part of
the profile exchange attributes.  If the cert is external, it is
unlikely that the user has tampered with the information and I could
easily validate the user organization, email...
Currently, users have editing control over the attributes which is not
good in my case (but fine in all others).
Allowing the cert to be handed over as an optional attribute seems to be
a good trade to me.

What do you guys think?  I would love to see certifi.ca offering this
capability (or anybody else for that matter like Verisign)

Thanks,
Pat.

> From: Pat Cappelaere <pat at cappelaere.com>
> Date: Mon, 23 Apr 2007 13:14:24 -0400
> To: <general at openid.net>
> Conversation: OpenID + Certs
> Subject: [OpenID] OpenID + Certs
> 
> We are starting to see more sites that serve OpenIDs and use 
> certificates for client-side SSL.
> This is good news.  What would even be better would be to make the 
> user cert available in the sreg optional attributes for more stringent
> consumers.
> This would allow me to validate a user's belonging to a specific 
> organization for instance if he agrees of course.  This would allow 
> certain sites to release more sensitive information for Humanitarian 
> Assistance and/or Disaster Relief in my case.
> Could this be added easily?
> Does this make sense?
> Wdyt?
> 
> Pat.
> eo1.geobliki.com