[OpenID] Verisign Seatbelt "vs" ClaimOP/RP -- OpenID notsoopenanymore?
Recordon, David
drecordon at verisign.com
Wed May 30 02:11:38 UTC 2007
Hey Peter,
The SeatBelt is a Firefox extension designed to help with convenience
and phishing concerns around using OpenID. It makes no changes to any
of the OpenID protocols. The only "protocol" it uses is a discovery
convention (just like RSS or ATOM auto-discovery) where an OpenID
Provider marks up a link rel tag pointing to an XML configuration file
for the extension. This provides the ability for the extension to work
with new providers without requiring any changes or certification
process from VeriSign. As part of this configuration, the provider
exposes an HTTPS endpoint which returns an XML document about the
currently logged-in user (or that there isn't anyone logged in).
Just to restate this, we're not doing *anything* which changes the
OpenID protocol(s).
--David
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Peter Williams
Sent: Tuesday, May 29, 2007 6:56 PM
To: Boris Erdmann; general at openid.net
Subject: Re: [OpenID] Verisign Seatbelt "vs" ClaimOP/RP -- OpenID
notsoopenanymore?
We can test whether VeriSign seatbelt technical protocols and
administration framework work is open, or not.
Open technologies allow leading implementations to be replaced, and no
barrier shall exist for users of the latter to obtain from such as AOL
all the technical features and technical security benefits that the
former, Seatbelt users obtain today.
VeriSign is, note, entirely entitled to add service delivery values,
audit practices and financial warranties etc - so as to differentiate
Seatbelt from other services based on the same protocols and protocol
bindings.
VeriSign specifying and using a public OpenID binding - requiring https
and allowing optional validation by a trusted https/wininet client of its
extended validation certs, say - which might together provide
assurance that risks of phishing are mitigated by a unique integration
of technical and legal controls - is an entirely proper id mgt service,
built on open technology.
....
certainly working to have the SeatBelt up on Mozilla's Add-Ons
page and at that point will provide it for public download as well as
providing documentation with it. Certainly not trying to do anything
closed, which I hope is shown by the fact that it isn't just limited to
VeriSign's OpenID Provider nor a set list of Providers, but rather any
Provider can add the configuration markup and work with the SeatBelt.
--David
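
Added example, not part of the original e-mail and not VeriSign's code: a sketch of the discovery convention described in the reply above, in which a client finds a link rel tag on the provider's page, resolves the configuration file URL, and accepts the user-status endpoint only if it is HTTPS. The rel value, the XML element name and the `op.example` host are hypothetical placeholders, since the message does not give the real ones; rejecting DTDs is an added hardening assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import xml.etree.ElementTree as ET

# Hypothetical names: the post gives neither the real rel value nor the XML schema.
CONFIG_REL = "example-extension-config"
STATUS_TAG = "statusEndpoint"

class _LinkFinder(HTMLParser):
    """Collect href values of <link> tags whose rel list contains CONFIG_REL."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if tag == "link" and CONFIG_REL in rels and a.get("href"):
            self.hrefs.append(a["href"])

def discover_config_url(page_url, html):
    """Return the absolute URL of the advertised config file, or None."""
    finder = _LinkFinder()
    finder.feed(html)
    return urljoin(page_url, finder.hrefs[0]) if finder.hrefs else None

def status_endpoint(config_url, config_xml):
    """Return the user-status endpoint from the config; it must be HTTPS."""
    if "<!DOCTYPE" in config_xml.upper():
        raise ValueError("DTDs not accepted in provider-supplied XML")
    node = ET.fromstring(config_xml).find(STATUS_TAG)
    if node is None or not (node.text or "").strip():
        raise ValueError("config has no status endpoint")
    endpoint = urljoin(config_url, node.text.strip())
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("status endpoint is not HTTPS: " + endpoint)
    return endpoint

# Constructed sample input, not taken from any real provider.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/site.css">
<link rel="example-extension-config" href="/ext/config.xml">
</head><body>Sign in</body></html>"""
SAMPLE_CONFIG = "<config><statusEndpoint>/ext/status</statusEndpoint></config>"

if __name__ == "__main__":
    cfg = discover_config_url("https://op.example/login", SAMPLE_PAGE)
    print(cfg, status_endpoint(cfg, SAMPLE_CONFIG))
```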