[OpenID] [Muscle] updated experience, 2 years later.

Peter Williams pwilliams at rapattoni.com
Sun Mar 9 04:23:10 UTC 2008


Eddy, it was a pleasure using your site. Someone has gone to a lot of trouble to make a highly commendable service.

 
You say: "Let's hear how it goes..."

I have been unable to use the openid https://pwilliams.startssl.com/ at plaxo. I'm *guessing* from their user error message that they cannot (or will not) resolve your OP's https root cert. They are, I'm **guessing**, applying white listing rules on OPs, based on PKI browser root cert conventions - inherited from MSFT (reasonably fair audit-based practice, slightly biased towards larger companies) or Mozilla (pay $$ for entry or "know a programmer").

I eventually (probably) enrolled with an SSL client cert, but it was difficult. I tried harder than the average consumer will. My SCM smartcard reader connected to Vista SP1 with an IBM javacard inserted did blink, whilst enrolling at your site with IE7, and probably completed SSL client cert 1024-bit RSA keygen. What that blinking means... I do not know. The enrollment process was not seamless, due to IE7 popup and trust issues. I tried harder than the average consumer would, to work around these issues.

10 years ago I'd have personally been ecstatic with your site. When we published our Addison-Wesley book way back then on how to use the NT4 SP1 MSFT cert server, it was with the aim of promoting folks like you to do exactly what you are doing. Not everyone at VeriSign (my employer at the time) was exactly ecstatic at the prospect of such as you entering their market.

Your site has made clear efforts to get around some of the barriers to entry into the market that I helped V***** create, to deter effective competition (American style). I'd judge you to have failed, as designed. As it stands, the average site/user focussing on unmanaged consumer workstations will choose to pay V**** rather than work around the road blocks. Whilst it was my specific intention to deny folks entry to market for cert issuing to the public for reasons of crypto politics, it was NOT my intention to prevent delivery of value-added services like openid. I apologize.

The comment about - please change to Firefox rather than use IE (when using smartcards) - was a turn-off. Rapattoni's site is tuned up for IE (possibly too much :-( )

On our own consumer, tell me what to do to make http://rapattoni.trustbearer.com/consumer/try_auth.php?action=verify&openid_identifier=https%3A%2F%2Fpwilliams.startssl.com+ work, and I will make any reasonable efforts to interoperate. The folks at trustbearer are more than supportive of each and every open source community making best efforts to move the state of the art forward.

First adoption. Then interoperability. Then quality. Then compliance. This is the way of the web.

Peter