[OpenID] Anybody here from MySpace?

Peter Williams pwilliams at rapattoni.com
Wed Jul 30 19:32:56 UTC 2008


We just need to ensure openid from myspace isn't like foaf from livejournal: millions of files that don't get used for anything. But, it sounds good! It's a nice incubator, that one can bet on to take off.

I think the call is for openid to join the mainstream, and not only appeal to the web2.0 contingent. The call is for the missing trust mechanisms between idps and rps to be mainstream (and boring), not inventive (and world changing). We cannot wait 3 years for oasis to do use case analysis and end up with bloat like saml2 (that even its authors disparage), and web20 mechanisms simply do not have the acceptance needed as vehicles for the kind of trust/assurance decisions that mainstream adopters need to take.

If we don't focus on mainstream trust mechanisms, there will continue to be lots of idp (only) announcements.


-----Original Message-----
From: David Recordon <drecordon at sixapart.com>
Sent: Wednesday, July 30, 2008 11:56 AM
To: Peter Williams <pwilliams at rapattoni.com>
Cc: Nate Klingenstein <ndk at internet2.edu>; Nat Sakimura <n-sakimura at nri.co.jp>; general at openid.net <general at openid.net>
Subject: Re: [OpenID] Anybody here from MySpace?


-1, we need less complexity, not more. :)  btw, how did we get away
from the original thread's topic?

--David

On Jul 29, 2008, at 4:24 PM, Peter Williams wrote:

> Been wondering how to accomplish this, without reinventing the wheel.
>
> Perhaps we could assume the claimedid is an IPv6 address, since it's
> formally an opaque type. SND is then used to talk to neighbors, whose
> cert chains attest to the willingness of one peer to trust the
> addresses (resolved xri/uris) of the other as normal (i.e. the peer
> has legitimacy to be speaking for that IPv6 address).
>
> We'd have all the expressiveness one needs for arbitrary naming
> hierarchies and interdomain mappings in the certs supporting snd
> (inherited from distinguished names, the ldap resolvers, and control
> extensions in the certs). And snd gives us the concrete means to
> determine if the peer is deemed a "secure" neighbour. All those
> willing to potentially peer as neighbours in a given trust level can
> all listen to a multicast group, in some subnet, allowing discovery.
>
> ________________________________
> From: Nate Klingenstein <ndk at internet2.edu>
> Sent: Monday, July 28, 2008 8:37 PM
> To: Nat Sakimura <n-sakimura at nri.co.jp>
> Cc: general at openid.net <general at openid.net>
> Subject: Re: [OpenID] Anybody here from MySpace?
>
> Nat,
>
> I would agree that some architectural work would help to make OpenID
> sufficiently secure for higher-valued transactions.  However, while
> the flows could be better secured, and Cardspace is a huge help for
> phishing protection, a lot of what I would consider additional
> "security" is an ability for providers to recognize and trust each
> other.  That mostly involves third-party reputation and vetting
> services.
>
> OASIS is doing important work here, as you know of course, but it
> will be gradual and still require integration with OpenID.  I'd
> certainly be interested in helping out if there were such a working
> group formed and the IPR process solidified.
>
> Take care,
> Nate.
>
> On 29 Jul 2008, at 03:06, Nat Sakimura wrote:
>
>
> Is there a security committee or something like that in the community?
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general




