[OpenID] Trust + Security @ OpenID

tom calthrop tom at barnraiser.org
Mon Jul 16 06:15:46 UTC 2007


Hi All,

I appreciate whitelisting will happen and I hope the OpenID Foundation 
leaves this to consumers (effectively creating a blocked list) who will, 
I'm sure, lead to some independent whitelisting service that consumers 
can sign up to. I just wanted to throw into the mix another approach 
that we are taking from the social networking community....

We will be establishing trust for person A by asking person B to verify 
that person A is a human friend (thus vouching for them). This is very 
successful in a social networking model.

We will soon have two products; a personal OP with social networking 
functionality and our current group collaboration tool (called 
AROUNDMe). It will be possible for only people who have been vouched for 
to enter an AROUNDMe collaborative space. So we authenticate person A, 
then look up from person B that they confirm trust with person A.

One could argue that this is crackable (person A and person B are both 
from http://spam.com); however, we like this model because it follows a 
de-centralized approach. One possible approach to this is adding person 
B to a verification blacklist if it is found that person B verifies for 
spam IDs.

On another note, I have asked the OpenID Foundation board to set up a 
social networking group (much like a w3c working group), but to date I 
have received no reply from them, so we are going to develop this at 
http://openid.barnraiser.net and make all the specs available anyway.

[note AROUNDMe is a GNU package / free software]

tom
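
The vouching check and verification blacklist described in the message above, as an added example that is not part of the original post and is not AROUNDMe code. The class and method names, the same-host rule and the .example identifiers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def host(openid_url):
    """Lower-cased host part of an OpenID identifier URL."""
    return (urlsplit(openid_url).hostname or "").lower()


class VouchRegistry:
    """Hypothetical store of 'B verifies that A is a human friend' records."""

    def __init__(self):
        self.vouches = {}       # subject ID -> set of voucher IDs
        self.blacklist = set()  # vouchers whose verifications no longer count
        self.spam = set()       # IDs reported as spam

    def vouch(self, voucher, subject):
        self.vouches.setdefault(subject, set()).add(voucher)

    def valid_vouchers(self, subject):
        """Vouchers that still count for this subject.

        Assumed rule: a voucher on the subject's own host is ignored, which
        covers the 'both from the same spam site' case. Only the exact host is
        compared, so sibling subdomains are not caught by this check.
        """
        return {v for v in self.vouches.get(subject, set())
                if v != subject
                and v not in self.blacklist
                and host(v) != host(subject)}

    def may_enter(self, authenticated_id):
        """Admission gate; call only after OpenID authentication succeeded."""
        if authenticated_id in self.spam:
            return False
        return bool(self.valid_vouchers(authenticated_id))

    def report_spam(self, subject):
        """Mark an ID as spam and blacklist everyone who verified it."""
        culprits = set(self.vouches.get(subject, set()))
        self.spam.add(subject)
        self.blacklist |= culprits
        return culprits


if __name__ == "__main__":
    reg = VouchRegistry()  # constructed sample identifiers below
    reg.vouch("http://bob.friends.example/", "http://alice.people.example/")
    reg.vouch("http://spam.example/b", "http://spam.example/a")
    print(reg.may_enter("http://alice.people.example/"))  # vouched by another host
    print(reg.may_enter("http://spam.example/a"))         # same-host voucher ignored
```

Blacklisting a voucher is retroactive here: every ID whose only verification came from that voucher loses admission as well, which is the operational cost of the blacklist approach.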
