[OpenID] Microsoft's healthvault as RP
Peter Williams
pwilliams at rapattoni.com
Tue Aug 19 17:21:13 UTC 2008
Anyone care to recount their _technical_ interworking (and/or _policy_ accreditation) stories here, against Microsoft's OpenID RP?
https://account.healthvault.com/OpenIdLogin.aspx?rmproc=true
Notice that Microsoft (corporately) disclaims any "endorsement" of OpenID (the general "initiative", I assume)
"Important: Microsoft does not provide OpenIDs, and does not endorse OpenID or any particular OpenID provider.
Before you choose to use OpenID with HealthVault, we recommend that you evaluate the security and privacy commitments offered by the OpenID issuer and decide if they are appropriate for your HealthVault account. Guard the identity you use to sign in to your HealthVault account. Your OpenID or Windows Live ID is like a key to a safe. The safe may have many security features, but anyone who has the key can open it."
It will be interesting to see if this disclaimer carries any legal weight, given the nature of the personal privacy information involved, especially since the corporation is evidently operating an accreditation program for OPs, too. It must - therefore - HAVE criteria, and therefore a POLICY to have and then to enforce criteria. One can guess that the POLICY also includes an ongoing monitoring of compliance, too; which implies an burden and acceptance of said burden - perhaps under general best practice obligations.
More information about the general
mailing list