[OpenID] [Muscle] updated experience, 2 years later.
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sun Mar 9 01:02:53 UTC 2008
Peter Williams:
>
> My identityalliance desktop middleware (PKCS#11 etc) should allow me
> now to do SSL client auth, using the self-signed cert I made and
> stored on my GlobalPlatform card from IBM Zurich - presenting it to
> your site to now enroll the card/publickey with a second (isomorphic?)
> openid.
No, not really...the client cert must be issued by us. OpenID is for us
a by-product, or better said, a by-service.
> Hopefully, you have no pre-conceptions of just who you trust to issue
> client auth statements, via SSL?
Yes, we do :-)
The initial client cert issued by StartSSL functions as a boot-strapping
certificate for account authentication. We retain full control over this
process in every respect. That's NOT because of OpenID but for other
reasons.
>
> Lets see where it leads. Lets see if I can a create a second openid
> for the one card, and (b) bind your OP's (second) openid to my one
> plaxo account.
Lets hear how it goes...
>
> Peter
> ------------------------------------------------------------------------
> *From:* Eddy Nigg (StartCom Ltd.)
> *Sent:* Sat 3/8/2008 4:30 PM
> *To:* Peter Williams
> *Cc:* general at openid.net
> *Subject:* Re: [OpenID] [Muscle] updated experience, 2 years later.
>
> If we are at it, I invite you to read PKI, SSO and Smart Cards
> explained <https://blog.startcom.org/?p=81> and Smart Cards made easy
> on Linux and Firefox <https://blog.startcom.org/?p=82>
>
> Peter Williams:
>>
>> Read the thread from the bottom, if interested in one user's
>> experience linking open source smartcards to openid, linking up to plaxo.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080309/792e1487/attachment-0002.htm>
More information about the general
mailing list