[OpenID] Trust + Security @ OpenID
Dmitry Shechtman
damnian at gmail.com
Mon Jul 16 07:33:35 UTC 2007
I must admit that I haven't been closely following this discussion, so
please forgive me if I missed something.
I started working on an OpenID blacklist server. This is how I envision it:
1. Anybody can register an RP and get an API key.
2. A registered RP may query any OpenID identifier as follows:
http://openidbl.com/query?openid_identifier=${openid_identifier}
<http://openidbl.com/query?openid_identifier=$%7bopenid_identifier%7d&api_ke
y=$%7bapi_key%7d> &api_key=${api_key}
3. The blacklist server responds with a simple yes/no.
4. The RP caches the response (according to the local policy).
Thoughts?
Regards,
Dmitry
=damnian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070716/d6aeb8ae/attachment-0002.htm>
More information about the general
mailing list