[OpenID] Supporting OpenID

[Nate Klingenstein]

Peter,

> I think its germane to address the apparently sensitive issue at  
> the heart of the thread: gatewaying, particularly in this highly  
> doctrinal UCI forum.

I don't think it's relevant because there's a lightweight trust model  
here.  I receive and validate an identifier from this OP.  I make a  
decision how to trust it.  I may decide that it's "equivalent" to a  
Google account, or I may not, but that's totally independent.  It'd  
still be independent if this were a google.com address(all kinds of  
interesting things happen in *.edu domains).

 From my brief reading, OpenID doesn't have any formal notions of  
gateways or proxies in its protocol.  If this conversation were in  
the context of such support or a stronger trust model, we'd have  
something to talk about, and you hint at that in your last paragraph.

Until there are reputation services or federations or something,  
ultimate access control decisions are solely the SP/RP's to make.  It  
alone must decide how to trust the inputs.  There's just nothing else  
to go by.

Hope this makes sense,
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080413/3969db0f/attachment-0002.htm>