[OpenID] openid query

Nat Sakimura sakimura at gmail.com
Sat Mar 1 06:00:24 UTC 2008 

Indeed. Such a third party should publish a score as a reputation service.
This, combined with the on going continuous scoring "reputation" by
customers will constitute the reputation that I would use.

That is why we need some form of standardized reputation format and scoring
system.

=nat

2008/2/29, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org>:
>
>  Paul Madsen wrote:
>
>
> An X.509 RP has the same desires as an OpenID RP, ie that they can be
> confident that the authority's (either CA or OP)
> practices/procedures/technologies provide sufficient assurance for the
> application being accessed.
>
> Exactly! And what do we know about this? What do we know about
> "practices/procedures/technologies" in the OpenID world?
>
> As an OpenID RP I can't make a decision about each and every OP, not to
> mention that I've never seen any OP which has policy governing its
> operations. Nor have I ever seen a third party attestation confirming any
> policy or practice statement either. Hence, in the OpenID world, any trust
> (if there is such a thing at all) is based on pure assumptions....nothing
> more. Neither does SSL between the OP and RP solve this problem, it solves a
> different one (eavesdropping). In relation to that, I guess any OP not using
> https shouldn't even be considered by a RP really.
>
> In order to solve the problem mentioned above I suggested in the past to
> form a federated group of providers which operates according to a certain
> standard and verifies them in some form.
>
> --
>   Regards      Signer:  Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
> Jabber:  startcom at startcom.org  Blog:  Join the Revolution!<http://blog.startcom.org>
> Phone:  +1.213.341.0390
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/general/attachments/20080301/e0a619e7/attachment.htm

More information about the general mailing list