[OpenID] Changes to the OpenID Foundation member page login

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Dec 8 01:31:17 UTC 2008 

On 12/08/2008 02:29 AM, Peter Williams:
>
> Eddy:
>
> Let’s get down and dirty, since https OpenIDs are part of the standard.
>

Yes, why not....because I haven't lost too much thought about it...

> I don’t see how we can easily  wash our hands of PKI (much as I’d love 
> to do so).
>

The questions below are actually interesting. Obviously I answered them 
for my own organization concerning being a relying party, but never 
thought about it in relation to the OpenID Foundation.

> 1. Would you counsel the secretary running the election to accept http 
> (i.e. non-https) openids in the coming election?
>

No

> 2. If https openids are used by votering members, would you counsel 
> that the rules should prevent those presumed voters from using the 
> election site?
>
> 3. If https openids are used and acceptable under the election rules, 
> would you counsel that the election site from accept any and all CAs 
> supporting that https channel?
>
> 4. If proper https openids are used when exercising a voting right, 
> would you counsel that the Foundation limit the CAs used in https 
> openids to any particular list of CA service providers?
>
This actually lead me to the following suggestions:

A reasonable solution would be to combine the root lists of the most 
popular browsers and operating systems (e.g. Microsoft, Apple, Mozilla). 
And than I thought, how about OpenID Foundation members receiving an 
OpenID from openid.net? I mean, this could be exclusively for members 
only and could be used to solve the problems of

   1. various login problems,
   2. questions as the ones from above,
   3. not favoring any OP, being truly THE OpenID provider (for members).


That could be really kewl ;-)

Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081208/88a831d3/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081208/88a831d3/attachment-0002.bin>

More information about the general mailing list