[OpenID] Anybody here from MySpace?
Nate Klingenstein
ndk at internet2.edu
Tue Jul 29 03:36:48 UTC 2008
Nat,
I would agree that some architectural work would help to make OpenID
sufficiently secure for higher-valued transactions. However, while
the flows could be better secured, and Cardspace is a huge help for
phishing protection, a lot of what I would consider additional
"security" is an ability for providers to recognize and trust each
other. That mostly involves third-party reputation and vetting
services.
OASIS is doing important work here, as you know of course, but it
will be gradual and still require integration with OpenID. I'd
certainly be interested in helping out if there were such a working
group formed and the IPR process solidified.
Take care,
Nate.
On 29 Jul 2008, at 03:06, Nat Sakimura wrote:
> Is there a security committe or something like that in the community?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080729/d7814f59/attachment-0002.htm>
More information about the general
mailing list