[OpenID] openid and acl's
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Aug 7 16:42:30 UTC 2007
Very interesting post! Yes, it seems that there are many commons...
Steven Livingstone wrote:
> Henry, whilst i like this idea, i wonder how much of this could be
> solved by a trust system in place .. similar to the system already
> used by certificates.
>
> The main problem with certs is that it requires a lot of work for the
> user. However, OpenID does not and so although on its own it is not as
> secure as certificates, it does seem (to me) to have much in common.
>
> Now, i'm not sure what and how much people have discussed on this
> list (i try to keep up), but i'd figure that a system of trusted
> delegation and revocation would work well even in an extended OpenID
> world.
>
> So your Engineering team and Sun would have a two way trust system (or
> asymmetrical trust if you wished) so that an authenticated OpenID for
> either would be trusted in the other... and further could be used as
> part of authorization. Whether this worked as a browser redirect, or
> even better, using some delegated service authentication call is
> another question (the latter being worked on at the moment i believe).
>
> I think if we start trying to think of sychronized passwords and so on
> we are in for a world of pain. I imagine someone on this list is
> either thinking or doing something about a distributed trust network
> for OpenID providers?
>
> Revocation is a little tricker, but feasible.
>
> steven
> http://livz.org
>
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070807/1af7a3ba/attachment-0001.htm>
More information about the general
mailing list