[OpenID] Yahoo OpenID UX Study
Peter Williams
pwilliams at rapattoni.com
Sat Oct 11 18:18:55 UTC 2008
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Drummond Reed
Sent: Friday, October 10, 2008 12:18 PM
To: 'Peter Watkins'; 'Allen Tom'
Cc: 'openid-general General'
Subject: Re: [OpenID] Yahoo OpenID UX Study
It's one of the key security advantages of XRIs -- the other is automatic
pairing with a canonical persistent XRI i-number to prevent OpenID recycling
and support lifetime synonym management.
=Drummond
Note: http://xml.coverpages.org/Cantor-SAML-v20-MetadataInteroperabilityProfile-WD01.pdf
The missive outlines the role of metadata (quite generally, if you dump the SAML-specific orientation) as a trust fabric, and proposes the "elimination of PKI" from that role.
One could see XRDS files/responses addressing some of the same ideas, in a convergence effort between SAML/CardSpace/OpenID.
After all,
1. XRDS files are just metadata, static or dynamic (in the XRI case).
2. YADIS is just an access protocol for static metadata (and the embodiment of the notions that OP/RP interworking will "rely on" and be "dependent on" metadata). Native XRI - or its HXRI proxied variant - is just a [rather more intelligent] access protocol, at the end of the day.
It seems that the OpenID Community is currently heading exactly the opposite way to that proposed in the metadata missive to the OASIS WG - despite being far more reliant on metadata-based controls than is the SAML community, in practice. As an example of that contrast, OpenID standards and guidance seem to be increasingly reliant on HTTPS and be increasingly dependent on its (usually PKI-based) trust model ... and ... the associated governance structures that come along with a (VeriSign) PKI: the CPS-based legal warranties and their associated financial assurances.