[OpenID] Use OpenID for Identification
Christoph Eunicke
christoph at eunicke.de
Thu May 15 14:18:20 UTC 2008
Hi Everybody,
I'm trying to find a way how we could use OpenID to _prove_ that a user
is over 18, or any other legally important claims.
Currently there are a lot of projects which try to combine national ID
cards with OpenID, like Trustbearer or open.id.ee (which seems to be
down at the moment). Combined with some sort of reputation list this
would result in a two class society of OpenID-provider: the (maybe
federally controlled) provider which you use with your national identity
card for the "important" stuff, and the "normal" provider which you can
use for blogs, forums and so on.
Is this want we want? Anyone got a better idea to make OpenID claims
legally valid?
This scenario would require two main extensions to the specs:
*extend the "Provider Authentication Policy Extension" with
a policy "Physical Multi-Factor Authentication with a unique,
important and legally effective token". We should also find
a better name for this ;-)
*Something like a OpenID-Rootserver as used in the DNS which
tells you which provider has the permission to claim things
about a specific country.
Or do I miss something important how we already could use OpenID for
identification when the claims must hold in front of a court?
Regards,
Christoph
--
Christoph Eunicke
Computer Networks and Internet
Wilhelm Schickard Institute for Computer Science
University of Tuebingen, 72076 Tuebingen, Germany
More information about the general
mailing list