[OpenID] Trust + Security @ OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sun Jul 8 00:57:46 UTC 2007
Eric Norman wrote:
>>
>> OpenID is currently completely decentralized and no requirements are
>> set by anybody (yet). When comparing to PKI, anyone can run his own
>> "CA" in the OpenID world. Like Cardspace and self-run IDPs, they are
>> effectively like self-signed certificates. A relying party can choose
>> to trust them but nothing has been verified or guaranteed in any form
>> (not even the integrity of the authentication process).
>>
>
> Seems like a fairly accurate description to me.
>
Glad to see you agree! Perhaps a point to add is that humans are not
making the decision on a case-by-case basis (as when visiting a web
site); rather, dumb web sites are the relying party.
>
> It sounds like you want to re-invent policy OIDs
> and their accoutrements.
>
:-( Well, not really....but other projects went a similar path as I
suggested. It could be implemented and kept simple, but effective...and
in an open and free spirit as well.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390