[OpenID] Trust + Security @ OpenID

Mon Jul 16 21:37:36 UTC 2007

Hi Peter,

Peter Williams wrote:
> I don't see why there would be just one of them.
>  
> What we want surely is 10 of them , each with different reputation-based criteria.
>   
Let it be 10 of them if it makes anybody happy! Did I say, what I aim 
for, has to be the only one? But I'm trying to get ONE reputation 
service of the ground...obviously with the criterion I see as most 
important and with the broadest support possible from the community. 
Perhaps even with the broadest cover and usage of the extensions David 
wrote! That's why I'm here...
>  
> Need to listen to the core sentiment, Eddy. Folks don't want centralized control points, even points that are one step removed from the mission of the OpenID Foundation, in some mega-vendor trade group. 
>  
> I hear no objection, in contrast, to a ebay-like reputation feedback signaling framework: optional, friendly, non-threatening, not big-brother, community-based - not vendor-based.
>   
Vendor based? From where does that come from? In fact I try to convince 
anybody interested to participate...to get it moving, take it of the 
ground! I don't have the ego nor the interest to lead any such effort if 
somebody else can and wants to do it (I'll go strait behind that person 
and support it - hence my question why the OpenID Foundation doesn't 
lead it. But nobody seems to want that ;-)). I just feel that it has to 
be done and such a third party reputation service is badly needed. I see 
this as a community effort, not my personal project or that of Verisign 
or of anybody else. If this wasn't clear from the beginning than it is 
my fault for not explaining correctly...

But lets stop to point to some privately managed blacklists that 
somebody composed (due to the lack of anything better), but think about 
what the best solution and service could be...I hear only the nay-sayers 
whining about decentralized versus centralized, but where are the 
innovative suggestions? Where are the proposals which aim to provide the 
reputation service? As a starter, just one of them, not ten...

Except that, I believe there is already a dilution of various such 
efforts, which might be spent on one project instead...
>  
> 1. just as ebay found a community-based regulation model, so can some innovative IDP Portal of OPs
>  
> 2. just as Google found a community-based pricing and ranking model of ads, ...so can some innovative IDP Portal of OPs
>  
> 3. perhaps someone will even a centralized Digg for (participating) IDPs, like our anonymous OP in India was hinting.
>
> ________________________________
>
> From: general-bounces at openid.net on behalf of Eddy Nigg (StartCom Ltd.)
> Sent: Mon 7/16/2007 11:45 AM
> To: Scott Kveton
> Cc: general at openid.net
> Subject: Re: [OpenID] Trust + Security @ OpenID
>
>
> Summing up a little bit...
>
> With all the discussion going on here and also off-list by various community members I come to the following conclusion for now:
>
> 1.) A third party body, which would perform various services for IDPs (and RPs) is generally welcome. This body shouldn't be controlled or founded by the OpenID Foundation, however members of the OpenID community might participate freely.
>
>
>   

-- 
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      startcom at startcom.org
Phone:       +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070717/b7c26a78/attachment-0002.htm>