[OpenID] Real Identity Verification

Steven Livingstone-Perez weblivz at hotmail.com
Wed Nov 5 15:51:03 UTC 2008 

One more point on this …

 

I can't think of a reason why OpenID AX couldn't support attributes from third parties that are signed and stored with the OpenID. This way an institution could be given a users OpenID, make statements about them and return the signed statements/attributes which can then be stored anywhere with that users OpenID profile (and be fully exportable too).

 

Someone who wants to get those attributes can easily check via the institutions publically available key that these attributes have not been altered in any way.

 

Extending this you could have a plethora of OpenID attribute information that is both unverified and strongly verified.

 

steven

http://livz.org

 

 

From: Steven Livingstone-Perez [mailto:weblivz at hotmail.com] 
Sent: 04 November 2008 10:25
To: 'Eddy Nigg (StartCom Ltd.)'
Cc: 'general at openid.net'
Subject: RE: [OpenID] Real Identity Verification

 

This is interesting Eddy.

 

I kind of see three ways that this kind of OpenID “verification” can happen.

 

1.       Reputation

a.       In this case, the longer you use your OpenID, the more people will come to know it is associated with you. I’d be interested in how we could explicitly extend this concept to support a distributed reputation system where you can attach OpenID Reputation points which are assigned from other sites. These could even be broken down into types of reputation. The longer and more you use it the more reputation points. Even sending an email that isn’t spam etc via Gmail or Windows Live could “increment” your reputation score (like pagerank, but for OpenID). 

2.       Friend Verification

a.       Slightly more explicit and extension of the above whereby friends can verify things you write down about yourself so that others can trust them more. John says he works at Google Inc and Brian has verified this etc.

3.       Central Validation

a.       Shibboleth model and probably needed for institutions who perhaps verify things such as “Yes, this is definitely Dr. Livingstone” etc.

 

Does your Web of Trust concept tie in more with number 3 than the others or is if more about associating an OpenID with a cert so that saying something with your OpenID can be strongly verified (e.g. via the associated dig sig?).

 

steven

http://livz.org

 

From: Eddy Nigg (StartCom Ltd.) [mailto:eddy_nigg at startcom.org] 
Sent: 04 November 2008 09:34
To: Steven Livingstone-Perez
Cc: general at openid.net
Subject: Re: [OpenID] Real Identity Verification

 

Arrrrg... https://blog.startcom.org/?p=128

Sorry and thanks!

On 11/04/2008 11:37 AM, Steven Livingstone-Perez: 

Eddy, where can I find this article?

 

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: 04 November 2008 09:31
To: Rebecca Cannon
Cc: general at openid.net
Subject: Re: [OpenID] Real Identity Verification

 

Rebecca, I forgot about it, but let me shamelessly promote a small article concerning identity validation in relation to OpenID I just wrote recently. Here validations including ones which are performed by a community network come into play. Thanks. :-)

On 11/04/2008 11:23 AM, Eddy Nigg (StartCom Ltd.): 

There are some providers which can provide you this service, please see http://www.startssl.com/?app=14
For example my ID is here: https://eddyn.startssl.com/

However no useful exchange protocol or standard for OpenID exists really to automatically on such information, but Nat, who also posted a reply to your question, is working on setting up a work group for trust exchange (TX) which might facilitate such exchange of information. I expect TX to be highly interesting in this respect.

For now I guess you'll have to hand-pick the providers which do perform real identity validations.


Regards 


 


Signer: 

Eddy Nigg, StartCom Ltd. <http://www.startcom.org> 


Jabber: 

startcom at startcom.org


Blog: 

Join the Revolution! <http://blog.startcom.org> 


Phone: 

+1.213.341.0390


 


On 11/04/2008 07:10 AM, Rebecca Cannon: 

Hi all

I'm researching a new online service that I will be building. I want to use Open ID, however we're going to require real-world identification verification, as the service will have legally binding information in it.

Just wondering whether open id is being used with real-world identification verification, and what the list's thoughts are on this. 

Thanks,

Rebecca

 <http://www.webbyawards.com/> 


 
 
 



  _____  



 
 
 
 
  
 
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
  
 
 
 
 



  _____  



 
 
 
 
  
 
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081105/ba3d7461/attachment-0002.htm>

More information about the general mailing list