[OpenID] Anybody here from MySpace?
Peter Williams
pwilliams at rapattoni.com
Tue Jul 29 23:24:25 UTC 2008
Been wondering how to accomplish this, without reinventing the wheel.
Perhaps we could assume the claimedid is an IPv6 address, since it's formally an opaque type. SND is then used to talk to neighbors, whose cert chains attest to the willingness of one peer to trust the addresses (resolved xri/uris) of the other as normal (i.e. the peer has legitimacy to be speaking for that IPv6 address).
We'd have all the expressiveness one needs for arbitrary naming hierarchies and interdomain mappings in the certs supporting SND (inherited from distinguished names, the LDAP resolvers, and control extensions in the certs). And SND gives us the concrete means to determine if the peer is deemed a "secure" neighbour. All those willing to potentially peer as neighbours in a given trust level can all listen to a multicast group, in some subnet, allowing discovery.
________________________________
From: Nate Klingenstein <ndk at internet2.edu>
Sent: Monday, July 28, 2008 8:37 PM
To: Nat Sakimura <n-sakimura at nri.co.jp>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] Anybody here from MySpace?
Nat,
I would agree that some architectural work would help to make OpenID sufficiently secure for higher-valued transactions. However, while the flows could be better secured, and Cardspace is a huge help for phishing protection, a lot of what I would consider additional "security" is an ability for providers to recognize and trust each other. That mostly involves third-party reputation and vetting services.
OASIS is doing important work here, as you know of course, but it will be gradual and still require integration with OpenID. I'd certainly be interested in helping out if there were such a working group formed and the IPR process solidified.
Take care,
Nate.
On 29 Jul 2008, at 03:06, Nat Sakimura wrote:
Is there a security committee or something like that in the community?