[OpenID] OpenID Identity Consolidation

Peter Williams pwilliams at rapattoni.com
Sun Nov 2 22:46:27 UTC 2008


I like the general move.

Openid auth is clearly playing the role that the ssl record layer was supposed to play. Folks were supposed to extend the set of std protocols running over the 2 unilateral sessions, building upon the key management handshakes. Folks were just too timid tho, or perhaps "intimidated" to do so - once dod and its ietf defense contractors took over. The only folks who really took ssl on were cisco (with dtls) and microsoft (with eap-tls and other connectionless schemes over fragmenting bearers) - and perhaps, later, nokia (with sessionless gateways and wireless intercept).

Need to upgrade the handling of the content encryption key, so it can leverage legal grade key wrapping mechanisms, rather than raw rsa encipherment mechanism. This allows for proper keytagging and selective/restricted use of symmetric keys. One needs this for expressing "controlled release" to particular intended recipients (sets), used when delivering the various proof services found in legal protocols: delivery, receipt, acceptance, acknowledgement, confirmation, acceptance, notice, service...


________________________________
From: Nate Klingenstein <ndk at internet2.edu>
Sent: Sunday, November 02, 2008 4:35 PM
To: Chris Messina <chris.messina at gmail.com>
Cc: Martin Atkins <mart at degeneration.co.uk>; OpenID List <general at openid.net>
Subject: Re: [OpenID] OpenID Identity Consolidation

Chris,

Makes me feel way better knowing you can't track everything either.


Sakimura, N., et al., "OpenID Trusted data eXchange Extention Specification (draft)", Oct. 2008. [TX2008]<http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx>.

http://www.nabble.com/Proposal-to-create-the-TX-working-group-td20264023.html

Thanks,
Nate.


I think TX is going in the right general direction, and I applaud the
brainstorming that went into it.


I've not heard of TX. Can you give me some pointers?


