[OpenID] Laws of id, openid with ssl

Peter Williams pwilliams at rapattoni.com
Thu Jan 24 23:41:45 UTC 2008


I'm aware of those patent issues and I'm staying away from the topic, too; for NDA reasons. (Mostly because I cannot remember what NDAs I signed over the years with whom, while doing the stds work).
 
I'll guess that it's best if openid does not get applied to payment services, while 3dsecure is live and viable.
 
Some of the SOAP flows would run foul of live patents on 4 corner reliance models addressing both payment AND Non-payment applications, too. 
 
The real danger is not the original owners/creators of the patents - but who owns them now, after 5 re-sales of "defunct" IP to some licensing house who finally recognizes their worth.

________________________________

From: gwachob at gmail.com on behalf of Gabe Wachob
Sent: Thu 1/24/2008 2:30 PM
To: Peter Williams
Cc: Drummond Reed; OpenID List
Subject: Re: [OpenID] Laws of id, openid with ssl


Peter-
   I've pointed this out too (having been at Visa until relatively recently, and having done work on 3-D Secure in the last two years). The real tragedy was that the 3-D Secure protocol and all the implementation details were behind a wall of non-disclosure and licensing (for no particularly good reason, as far as I could tell - maybe some patent issues - I don't open). 
   Just another reason why *Open*ID will win over closed protocols like 3-D secure in the end, I think - even if OpenID has to deal with the lack of a managed risk model "out of the box". 

     -Gabe


On Jan 24, 2008 1:15 PM, Peter Williams <pwilliams at rapattoni.com> wrote:



	PS The flow I outlined seems very little different to how Visa/Mastercard's financial webSSO works (in the 1997-era 3dsecure standards), where virtual and/or use-once PANs (visa card numbers) could be manufactured by the various merchant/acquirer gateways (acting as asserting parties), for consumption by particular communities of merchants subscribing to particular "managed risk models" - ultimately serviced by VISANet. 
	
	
	
	________________________________
	
	From: Drummond Reed [mailto:drummond.reed at cordance.net]
	Sent: Thu 1/24/2008 12:19 PM
	To: Peter Williams; 'OpenID List' 
	Subject: RE: [OpenID] Laws of id, openid with ssl
	



	> Peter Williams wrote:
	> Law 4: directed identity. Enough said. The mission of uci is contrary to
	> this law? Surely? Uci thesis essentially denies the legitimacy of the
	> notion of private identities.
	
	Peter, the directed identity feature in OpenID 2.0 fully supports directed
	identity. Thus I would not say the "user-centric identity thesis" denies the
	legitimacy of the notion of private identities at all. Rather user-centric 
	identity means the user is in control of the identifiers. As of OpenID 2.0,
	a user can have two types of user-centric identifiers: public identifiers
	(what Law 4 calls "omnidirectional identifiers") that can be shared 
	publicly, and private identifiers (what Law 4 calls "directional
	identifiers") which are not intended to be shared publicly.
	
	=Drummond
	
	
	
	




-- 
Gabe Wachob / gwachob at wachob.com \ http://blog.wachob.com



