[OpenID] Combining Google & Yahoo user experience research

Nate Klingenstein ndk at internet2.edu
Sun Oct 19 16:52:45 UTC 2008


Shibboleth hasn't yet implemented anything I'd call dynamic  
metadata.  It's pretty trivial to operate a Shibboleth IdP in a  
promiscuous mode.  Most deployers don't because of user privacy  
requirements.

We clearly need to allow users to trust new RP's without  
administrator intervention, which is a separate issue from whether  
trust between IdP's and RP's exists.  This was actually an initial  
requirement in our architecture some 7 years ago and has always been  
supported by the software, but we never made it feasible for users to  
actually do it.  This was partially out of concern that paranoid  
users would lock themselves out of key applications, resulting in  
help desk calls, and partially because we suck at GUI work and have  
limited resources.

It's a key area of work right now.  Here's a precursor.

https://aai-demo.switch.ch/secure-arpviewer/

Again, I'd love to see OpenID work on adding support for trust  
frameworks like federations and reputation services.  It's not what  
PAPE does, and ORMS is moving very gradually.

Take care,
Nate.

On 19 Oct 2008, at 16:36, Shane B Weeden wrote:

> Sure, there are dynamic extensions to SAML like those defined by  
> Shibboleth for dynamic metadata sharing, but out-of-the-box nothing  
> I've been exposed to thus far quite matches the simplicity of the  
> OpenID model.
