[OpenID] OpenID + Certs

Dick Hardt dick at sxip.com
Tue Apr 24 22:36:52 UTC 2007 

Pat

I think you are confusing people using the term Certificate here.  
While a certificate can contain any data, I think of the certs  
primarily as being a statement binding an entity to a public key.

I think you are talking about verified claims, and this is definitely  
something that Attribute Exchange is all about.

We have some demo code where you can get a claim binding your OpenID  
to an email address at:

	https://verify.sxip.com/email/.

The only OP I know of that talks AX at this point is Sxipper.

-- Dick

On 24-Apr-07, at 10:14 PM, Pat Cappelaere wrote:

> Hans,
>
> Not as a distribution mechanism per say, but as a way to get access to
> validated information about a user.  Corporate personna would be
> encapsulated in the PKI that would not be tampered with by the user  
> (like
> any of the other profile attributes which can be altered at will).
> That cert would only be one extra attribute in the profile.
> The user could upload new ones if necessary.  I will keep on  
> checking at
> every login.
> Otherwise, I can't really tell for sure what the user organization  
> is and
> what email is valid.
>
> Does this make more sense?
> Thanks,
> Pat.
>
>
>
>> From: Hans Granqvist <hgranqvist at verisign.com>
>> Date: Tue, 24 Apr 2007 09:07:06 -0700
>> To: Pat Cappelaere <pat at cappelaere.com>
>> Cc: "Recordon, David" <drecordon at verisign.com>, <general at openid.net>
>> Subject: Re: [OpenID] OpenID + Certs
>>
>> Pat Cappelaere wrote:
>>> David,
>>>
>>> This is pretty much what I need today.  Could you implement that  
>>> on your
>>> OpenID server at Verisign, please? :)
>>> Since it is optional, it would not break anything.
>>> Since Verisign is pretty big in Certificate Management, it might  
>>> even make
>>> sense.
>>> Thanks,
>>> Pat.
>>
>> Pat, I'm confused: Do you want to use OpenID attribute exchange as  
>> a PKI
>> distribution mechanism?
>>
>> -Hans
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>

More information about the general mailing list