[OpenID] Can you make an online payment with your OpenID?

Jørn Wildt jw at cbrain.com
Wed Feb 27 07:12:38 UTC 2008 

Can you make an online payment with your OpenID? I guess the immediate
answer is, no, there is no such service available. At least I haven’t been
able to find one.

 

But why shouldn’t it be possible? It seems to me that it should be a lot
more safe than using credit card numbers – anyone can use your credit card
numbers, but it is only you and no one else who can use your OpenID.

 

I don’t know if Yahoo! has any paid-for-premium service, but lets assume
they have. Then Yahoo! is able to collect money from these people already.
So a webshop could accept payments through OpenIDs from
premium.yahoo.com/people/NAME if the webshop has an agreement with Yahoo.
Any bank or card issuer could do the same and let you pay with OpenIDs of
the form MYID.MYBANK.COM for instance 12345678.mymastercardid.com.

 

Advantages for the end-user would be a more secure payment method than using
your credit card numbers, widely available with the big players bying in on
OpenID, and a well known technology (when it becomes widely used of course).

 

There’s probably lots of problems with this idea and I guess a lot of you
would say “Phishing!” immediately. But what if the bankers *required* you to
use a technology like CardSpace or similar (see Kim Camerons video here:
http://www.identityblog.com/?p=923). Then you would never be issued a
phishable password.

 

This should be doable right now, but the user experience would need some
improvements: when I am asked to accept an OpenID query at myopenid.com then
I am only presented with a URL and no other message. For a payment
transaction I would like to see the amount and some other text too. This
would require some minor extensions to the OpenID standard (as far as I
understand it).

 

Dreaming on 
 I could also see the use of OpenID as a payment method without
prior agreement between the webshop and the OpenID issuer: “all it needs” is
a digitaly secure way for the webshop to ask the OpenID provider if it
allows payments, in which countries, and probably also a few other things.
Much like SSL where you trust a certificate because it has been signed by a
root certificate. In this case the OpenID provider would have a certificate
from “someone” that proves it can be used for payments.

 

Thanks for listening :-)

 

/Jorn Wildt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080227/1a8df551/attachment-0002.htm>

More information about the general mailing list