[OpenID] Reconsidering http://openid differentfrom https://openid
Peter Williams
pwilliams at rapattoni.com
Thu Sep 20 20:34:09 UTC 2007
Lets have some fun with options for best practices.
Either VeriSign sells lots of personal certs for the https/URI option, or Neustar sells lots of XRI for the https/XRI option. We note that the XRI proxy solution operates using merely a single SSL cert for everyone (see Drummond's post).
And what underlies the different is manifest in a vision/marketing war for control of the authentication market. Its been going on for 5 years! One can ttrust TTPs who are information/media processors (VeriSign) or the phone companies (Neustar) .
My bet is on the phone companies, Im embarassed to say (as an ex-VeriSign engineer!)
________________________________
If people are committed to making OpenID easy to understand (again, I
didn't hear any argument from anyone against that notion), then why
wouldn't they simply all implement the "best practices"? If this is the
case, the same goal can surely be achieved without the mandatory
requirements in specification text.
No need for tortuous mandatory requirements in the specification that
conflict with a standard human reading of (albeit normalized) URIs?
Regards,
- John
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list