[OpenID] openid query

Vipin Rathor v.rathor at gmail.com
Thu Feb 28 12:04:33 UTC 2008


Hi,
Thanks for your replies.

Since trust and security between the relying party (RP) and the OpenID
provider (OP) are a concern and there is no pre-existing trust
relationship between them, why not use the digital certificate
(PKI) based approach?
Let's say both RP and OP have an X.509 certificate, and whenever they
contact each other, they check each other's certificate and do the chain
validation. Only when both are satisfied do they communicate with each
other. (Even after this, they can talk securely by using a
public/private key pair... more on this can be thought about later.)

Let me know your take on this.
Awaiting replies.

Thanks in advance.
-Rathor


