[OpenID] Durability of authorized sessions

Allen Tom openid at allentom.com
Fri Nov 30 01:02:54 PST 2007

Hi Tony,

By the way, I do think that this is an interesting idea, and look 
forward to seeing a world where OPs compete on security.

The refund guarantee could be something that a Bank OP, or other very 
secure OP, could offer their customers, similar to "safe shopping" 
guarantees that credit card companies offer today.


Tony Locke wrote:
> Then if a transaction goes wrong and
> it's the OP's fault, the RP can get a refund from the OP. If the end
> user is affected, they would seek redress from the RP. This eliminates
> buck-passing between the RP and OP.
> If the end user provides an OpenId that doesn't have a high enough
> refund value, the RP would be entitled to reject it.
> What's in it for the OP? Well, they could charge the end user for
> OpenIds that they issue with a refund guarantee. This would also have
> the benefit of providing a badly needed income stream for the OP.
> -Tony.

More information about the general mailing list