[OpenID] Configuration file for OpenID libraries?

Nate Klingenstein ndk at internet2.edu
Thu May 15 11:37:39 UTC 2008


Martin,

I think this is a very useful idea.

1)  It will allow deployments within communities to create and circulate
configuration files that enumerate themselves.  Some communities have a common
set of services and identities that they'd like to share with each other, but
the resources aren't publicly available.
2)  It could also help to build anti-identity-spam services.  I'd hate to see
"Use my OpenID" with a CAPTCHA underneath it.
3)  Use of whitelists can also eliminate at least some of the more trivial forms
of phishing, but that's a losing battle until and unless we get smarter clients
or users.

I've got no strong feelings about the format, but our federations have found it
useful to be able to sign such a list, since it's involved in trust.  However,
given that OpenID relies heavily on SSL/TLS for server authentication and isn't
usually used in situations where a strong trust fabric is required, just hosting
such a list over SSL/TLS might be enough.

However, reputation services could do hypothetically the same thing and more,
while being considerably more flexible, dynamic, and automatic.  For the longer
term, I'd like to see serious efforts made in that direction.  Especially if
some OPs/RPs could be "tagged" with community labels by the reputation
service, it'd be a better solution all around.

Take care,
Nate.

Quoting Martin Paljak <martin at paljak.pri.ee>:

> As OpenID gets merged into more open source webapp packages, it might
> be useful to provide a configuration file that is common across
> implementations and allows declaring some "common" authorization bits:
>
>  * whitelist: <regexp>
>  * blacklist: <regexp>
>  * fingerprint: <OP domain>:<OP SSL cert fingerprint>
>
> I'd like to know what the community thinks about the overall idea and
> the given authorization steps.
>
> m.
> --
> Martin Paljak
> http://martin.paljak.pri.ee
> GSM: +3725156495

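As an added illustration (not code from this thread or from any OpenID library), here is one way a relying party could parse and apply the three proposed keys. The evaluation order, the SHA-256 hex fingerprint format, the sample file contents, and the names `cert_fingerprint`, `parse_config` and `op_allowed` are assumptions; the proposal does not define them.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

def cert_fingerprint(der: bytes) -> str:
    """Assumed pin format: lowercase hex SHA-256 of the DER certificate."""
    return hashlib.sha256(der).hexdigest()

# Constructed sample data: stand-in bytes, not a real certificate.
SAMPLE_CERT = b"constructed stand-in for the OP's DER certificate"
SAMPLE_CONFIG = "\n".join([
    r"whitelist: https://([a-z0-9-]+\.)?example\.org/.*",
    r"blacklist: https://spam\.example\.org/.*",
    "fingerprint: op.example.org:" + cert_fingerprint(SAMPLE_CERT),
])

def parse_config(text: str) -> dict:
    cfg = {"whitelist": [], "blacklist": [], "fingerprint": {}}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in cfg or not value:
            raise ValueError(f"line {n}: unrecognised entry")
        if key == "fingerprint":
            domain, _, fp = value.partition(":")
            fp = fp.replace(":", "").lower()
            if not re.fullmatch(r"[0-9a-f]{64}", fp):
                raise ValueError(f"line {n}: bad fingerprint")
            cfg[key][domain.strip().lower()] = fp
        else:
            cfg[key].append(re.compile(value))
    return cfg

def op_allowed(cfg: dict, endpoint: str, cert_der: bytes) -> bool:
    url = urlsplit(endpoint)
    if url.scheme != "https" or not url.hostname:
        return False
    # Deny rules match anywhere in the URL; allow rules must cover the whole
    # URL, so a whitelisted string inside another site's query does not count.
    if any(p.search(endpoint) for p in cfg["blacklist"]):
        return False
    if cfg["whitelist"] and not any(p.fullmatch(endpoint) for p in cfg["whitelist"]):
        return False
    pin = cfg["fingerprint"].get(url.hostname)
    return pin is None or hmac.compare_digest(pin, cert_fingerprint(cert_der))
```

In a deployment the `cert_der` argument would be the certificate the OP actually presented on the TLS connection, for example from `ssl.SSLSocket.getpeercert(binary_form=True)`.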