[OpenID] Community Reputation Services
Nate Klingenstein
ndk at internet2.edu
Fri May 23 19:29:43 UTC 2008
Peter & others,
I'm not criticizing the specs themselves, though I'm not sure what
this use case was. I'm just having major cognitive dissonance issues
between the idea that authentication is optional, that trust in the
OP is irrelevant, and that we can put in place a trust fabric that's
good enough for most enterprise applications. I'm attempting to
reconcile these bits and pieces.
I think the optional communities-of-interest is a great start towards
that, which is why I'm interested in them. However, given recent
events, I'd like to watch the XRI situation develop a bit before
having much opinion about it.
Thanks for the perspective; it's really useful,
Nate.
On 23 May 2008, at 16:47, Peter Williams wrote:
> You cannot read the OpenID specs rigorously, Nate. The security
> engineering terminology is all over the place. Go for the thrust,
> not the literal meaning. OpenID4 can go to IETF on day, like SSL3
> did, and defense types there can spend another 10 years years
> rewriting it all, if they want, once its widely adopted.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080523/a2effd09/attachment-0002.htm>
More information about the general
mailing list