[OpenID] Trust + Security @ OpenID
Ashish Jain
ajain at pingidentity.com
Mon Jul 16 19:29:48 UTC 2007
Jumping in late here:
<I will never EVER submit my domain to be "approved" in order for RPs
to take my auth.>
It seems like a technologist view where you feel in control by having
your own IdP. At the end of the day, it should be the RP's decision whether
to allow your IdP or only the whitelisted IdPs. I can definitely think
of the cases, where such a whitelist should be considered a
pre-requisite before OpenID-enablement.
I do agree with the comment that 'centralizing any aspect of a
decentralized system is a bad idea'. This is why the OpenID board
shouldn't endorse any whitelist provider. Similar to how I'm free to
start my own OpenID provider or my own OpenID directory, I should be
free to start my own OpenID reputation service. And then the relying
parties should be free to use it if they see any value.
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Jason Salaz
Sent: Monday, July 16, 2007 11:28 AM
To: Eddy Nigg (StartCom Ltd.)
Cc: general at openid.net
Subject: Re: [OpenID] Trust + Security @ OpenID
On 7/16/07, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
>
> First of all, I believe that a list of IDPs which conform to a certain
> standard and criteria is way more effective than a black list of rough IDPs
> for reasons we all know.
That's a great way to shut out everyone that isn't an enterprise.
It's a great theory, but it'll never work in practice.
I will never EVER submit my domain to be "approved" in order for RPs
to take my auth.
This is a very sticky subject, blocking illegitimate and legitimate,
but there is one thing I know for sure;
If you require people to have their IdP validated before the majority
of RPs will allow them to auth, you will have single-handedly KILLED
OpenID.
Centralizing any aspect of a decentralized system is a very very BAD
idea. Especially centralizing the part that OpenID decentralized in
the first place.