[OpenID] is it "Openid" tho!?
Peter Williams
pwilliams at rapattoni.com
Wed May 14 03:12:47 UTC 2008
With the help of the trustbearer folks, we fiddled a little more with the OpenID2 -> SAML (-> opentoken) gateway concept for multiple listing services in the US (a market for brokering home/office sales/purchases).
http://mls.homepw.org/ starts off a demo. Using "Yahoo" directed identity concepts, open IE at this URL for the RP site - which should just redirect to myopenid. The result is a pretty classical username/password login process for the end user. Optionally, the user auth can apply JanRain's very cute phonefactor feature, too. Once one then releases the attributes, the auth + attribute assertions are sent to the MLS web application, where account linking occurs (the first time).
Try it and do provide feedback. There is hardly an openid url in sight, of course. So...this begs the question: "is this true to OpenID"?
Now in this architecture, there is obviously a lot of trusted chaining going on - using techniques similar to those used in military X.500 networks. The integrity of such a network will surely depend on using classical security techniques, hailing from the SCOMP/Blacker/VPN work of Schell et al. - enforcing label-based integrity policies in distributed systems for WAN/Internet environments.