[OpenID] Fwd: Several Questions for the Current & Future Board

SitG Admin sysadmin at shadowsinthegarden.com
Sun Dec 21 20:33:04 UTC 2008


>When I get a pc that can read pdf,

Google "site:jisc.ac.uk openid pdf" (without the quotes). Third down, 
look for "View as HTML".

>As we just saw, one rp just willingly added cacert into its pot of 
>cas, and showcased how openid discovery can be easily spoofed - 
>even in openid https modes. While the specs admit and counter these 
>vulnerabilities using spec-ese, the movement is more generally 
>failing to articulate how adopting parties can address these issues 
>practically - without losing sight of the movement's lofty uci goals 
>(users choose their own op).

Lofty, but impractical (as things currently stand), goals. The 
problem with users determining their own identity (and 
voucher/representative, to the rest of the (digital) world), is that 
they then have *power* but currently (for the large part) are not 
equipped or prepared to be *responsible* for it. Ultimately, this is 
the anvil upon which our ideals will be forged or shattered - can we 
educate users enough to bring *them* (not just our technology) into 
the next stage of the web, or will we be forced to keep the power of 
OpenID OUT of the hands of users because they cannot be trusted to 
use it properly?

-Shade


