[OpenID] query regarding OP migration
Terrell Russell
terrellrussell at gmail.com
Mon Jun 2 06:42:57 UTC 2008
Peter Williams wrote:
> If I look back at that (purported) system description, it seems scalable, it
> seems to fit the web model, it uses classical security engineering terminology
> (authN.sessions, authZ, PDP, PEP) and seems to allow for all sorts of policies
> by any party engaged in the act of "listing" reputation statements. It works
> just as well for XRIs, as http(s) URLs and their HXRIs variants. Nicely, the
> system is self-applying, since anyone can issue a reputation statement on those
> such as ClaimID who engage in making _listings_ of others' reputation statements.
>
> What I have no confidence in is that the above system description or variants
> are received wisdom, are community endorsed, are commonly understood, are part
> of the mission, or are an accurate rendition of where folks are generally going
> in their OpenID rollouts.
>
> Is this kind of stuff discussed anywhere?
>
Hi Peter,
I think you've found most of the best discussion (regarding MicroID) in
Fred's and Will's and claimID's posts. We (claimID) have been trying to
act in a constrained manner for the very reason that small
(independently) verifiable claims are needed. These independent claims
are the ones on which to build and apply a reputation algebra.
But nobody's built that yet.
So you're on the path, and I appreciate your thorough attempts to root
this stuff out. Please keep it up.
Terrell
http://claimID.com
More information about the general
mailing list