[OpenID] [LIKELY_SPAM]Re: Problems with delegation and directed identity OPs
John Bradley
john.bradley at wingaa.com
Thu Nov 6 19:53:10 UTC 2008
Peter,
OSIS conducted interop testing as part of I4 and it will be a focus
area for I5.
http://osis.idcommons.net/wiki/Main_Page
OSIS attempts to encourage conformance through working with OPs and RPs.
A number of OP and RP issues were discovered and fixed during I4.
Without mandatory conformance this is the world we live in.
There is nothing to force an RP or OP to support all of the possible
features.
As a user, if you want to have your own URI and delegate authentication,
choose an OP that supports it properly.
OPs like Yahoo and Google are not obligated to support every possible
use case.
I will also observe that most people who use delegation are not
protecting their discovered meta-data with SSL certs.
That is the biggest security problem with delegation.
OpenID provides a lot of flexibility; that is one of the reasons for
its adoption.
I don't think conformance and licensing rules are the way to go.
Regards
John Bradley
=jbradley
On 6-Nov-08, at 11:27 AM, Peter Williams wrote:
> This is beginning to sound like EAP/802.1x and Cisco, where every
> vendor now does their own profile (which works with nobody else's
> supplicants/authenticators).
>
> I just don't like directed, I don't do it. Tough UCI user!
> I just don't like delegation, I don't do it. Tough UCI user!
> I just don't like delegation with directed, I don't do it. Tough UCI
> user!
>
> In that culture in general, the average SP working with the average
> user...cannot work with 1 IDP the way it works with another use
> yesterday (e.g. myopenid) - undermining UCI therefore. Sites HAVE to
> be tuned for the IDP in question.
>
> What a shame! OpenID had SO MUCH potential to do better than idp-
> centric federation networks.
>
> or, we create a conformance/interoperability forum, like WIFI, to
> stop the mess before it undermines public confidence in end-end
> **interoperability** of ALL the major modes of interworking defined
> in the OpenID2 spec.
>
>
> ________________________________
> From: general-bounces at openid.net [general-bounces at openid.net] On
> Behalf Of John Bradley [john.bradley at wingaa.com]
> Sent: Thursday, November 06, 2008 10:50 AM
> To: general at openid.net
> Subject: [LIKELY_SPAM]Re: [OpenID] Problems with delegation and
> directed identity OPs
>
>
>
>
> Verisign works because the <LocalID> matches what is returned in
> openid.identity.
>
> Google is not supporting delegation as far as I can tell, probably
> smart on their part.
>
>
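
Added example, not part of the original message or of any OpenID library's code: a check of an HTML delegation page for the two points raised in this thread, that the discovered meta-data is served over TLS and that openid.identity matches the discovered local identifier. The function name audit_delegation, the example.* hosts and the sample markup are constructed, and the identity comparison is a plain string match with no URL normalization.

```python
# Added example: audit an OpenID delegation page found via HTML discovery.
from html.parser import HTMLParser
from urllib.parse import urlparse

# rel values used for HTML discovery (OpenID 2.0 names and their 1.1 equivalents)
RELS = {"openid2.provider": "endpoint", "openid.server": "endpoint",
        "openid2.local_id": "local_id", "openid.delegate": "local_id"}

class _LinkCollector(HTMLParser):
    """Collects the first href seen for each discovery role."""
    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        for rel in (a.get("rel") or "").lower().split():
            if rel in RELS and a.get("href"):
                self.found.setdefault(RELS[rel], a["href"].strip())

def audit_delegation(claimed_id, html, asserted_identity=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    collector = _LinkCollector()
    collector.feed(html)
    found = collector.found
    if "endpoint" not in found:
        return ["no OP endpoint discovered"]
    findings = []
    # The delegation tags are only as trustworthy as the channel they came over.
    if urlparse(claimed_id).scheme != "https":
        findings.append("claimed identifier served without TLS: "
                        "discovered meta-data is unprotected in transit")
    if urlparse(found["endpoint"]).scheme != "https":
        findings.append("OP endpoint is not https")
    local_id = found.get("local_id")
    if asserted_identity and local_id and asserted_identity != local_id:
        findings.append("openid.identity does not match discovered local_id")
    return findings

# Constructed sample delegation page
SAMPLE = """<html><head>
<link rel="openid2.provider openid.server" href="https://op.example/endpoint">
<link rel="openid2.local_id openid.delegate" href="https://alice.op.example/">
</head></html>"""

if __name__ == "__main__":
    for cid in ("http://alice.example/", "https://alice.example/"):
        print(cid, audit_delegation(cid, SAMPLE, "https://alice.op.example/"))
```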