[OpenID] [LIKELY_SPAM] A New OpenID Enabled E-Commerce Site in Japan

Peter Williams pwilliams at rapattoni.com
Thu Nov 20 21:06:32 UTC 2008 

Presumably, "EC" means that the site is willing to authorize credit card payments, then, go clear via the usual merchant/acquirer channels.

The EC fact is interesting in and of itself - under the Visa/JCB rules. It will fun to see what needs updating now in PCI-DSS standards to address this UCIness of OpenID (where XRI provider is unrelated to OP, which are unrelated to RP)

Even if the CC data is retained by the spoke (vs is provided as an attribute by the OP), the "authority" to initiate use of the RP-stored cardholder data still comes from the OP.

Even if the RP=HBT-->OP-->XRI provider have an explicit trust fabric (eliminating most of UCI benefits), there is still the interesting case that responsibility for correct I&A is now critically shared between the discovery agent (XRI) and the authentication agent (OP). Arguably, under the "Yahoo" rule of requiring RP-discovery, the OP has double responsibilities (auth + control release).

One can see the world now in which RPs doing visa will signal via custom PAPE field the OP...that a credit-card transaction is underway- perhaps, by convention, requiring (1) sp-discovery, (2) rekey of auth association,... EV-check on RPs https cert, etc.

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Nat Sakimura
Sent: Thursday, November 20, 2008 12:36 PM
To: OpenID List
Subject: [LIKELY_SPAM][OpenID] A New OpenID Enabled E-Commerce Site in Japan

Hokkaido Bishoku Tsuushin (Hokkaido gourmet correspondence), a site that sells gourmet food from Hokkaido has opened.
The site is OpenID enabled and does not require any local account creation. One can simply login with various OpenID including XRI based ones and do shopping. It is one of the few EC sites that allows OpenID login yet.

The site's URL is: http://www.matsumaeya.jp/

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081120/84c9413c/attachment-0002.htm>

More information about the general mailing list