[OpenID] [LIKELY_SPAM]Re: OpenID Japan Announces its incorporation with financial institutions, merchants, portals, etc. - Teams up with Liberty as well!

Fri Oct 31 12:36:34 UTC 2008

The VERY interesting hint is the presence (at a founding!) of the companies working insurance. While OpenID would help sell policies to consumers (like any other e-commerce site, selling travel insurance for example), it's also a regulation opportunity.

I __wonder__ (speculatively) if some Japan regulating power is now pursuing, for openid, the Australian "Gatekeeper" model (originally targeting PKI)?

In summary:

1. IDP/OP must publish to  get a license a policy statement, whose structure MUST align with a std CC protection profile (that NIST is probably busy on, right now)

2. Insurance company must provide financial responsibility for the IDP/OP, to cover its warranties/liabilities

3. IDP/OP are beholden to a "Continuous" policy enforcement regime, executed thru the insurance companies "material events disclosure" rules (failure to uphold **disclosure** (itself) means insurance exclusions come into force, automatically, as do obligations to prominently and immediately disclose lack of said financial coverage/insurance to consumers)

4. the only (conforming) way for a regulated insurer to issue coverage is after risk analysis, which include pre-audit of providers conformance to PP structure of claims, and then operational audit of systems against policies, standards/open-protocols, guidelines/best-practices.

Now, that model failed to take hold in the PKI space, being deemed far too "harsh" a policy regime for the privacy/confidence problem being addressed. It was also generally recognized as being a foil for other crypto-political agendas, in and around mandatory key escrow of consumer cryptokeys by police authorities (or their commercial agents).

Be funny to see if it takes hold in the UCI-centric, grassroots UCI-based OpenID! I suspect that the core motivations for that kind of heavy regulation apparatus would not have really changed, in 10years. (1) it pretends to "self" regulation (2) essentially forces large size companies into outsourcing their OPs (3) implements audit and oversight.

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Jon Keating
Sent: Thursday, October 30, 2008 6:16 PM
To: general at openid.net
Subject: [LIKELY_SPAM]Re: [OpenID] OpenID Japan Announces its incorporation with financial institutions, merchants, portals, etc. - Teams up with Liberty as well!

Also, Yahoo! Japan joined as well.

It appears that Yahoo! Japan was the only company that is missing from
the list in this e-mail. We are listed on the homepage though:

http://www.openid.or.jp/memberlist.html

Jon

> The member companies announced were:
>
> Asahi Net (ISP)
> Automation Research Associates (IT)
> Cerego Japan (Education)
> CyberTrust (CA)
> Excite (ISP/Portal)
> Infoteria Co. (Web Service Company)
> Japan Airlines International (Transportation)
> Japan IBM (IT)
> Japan Verisign (CA)
> JCB (Credit Card)
> K Opticom (ISP)
> KDDI (telco)
> Lin Network (IT/Consulting)
> Livedoor (Portal/Web 2.0)
> Mitsui Sumitomo Marine (Insurance)
> mixi Inc. (SNS)
> NEC (Manufacturing)
> NEC Biglobe (ISP)
> Nifty (ISP/Portal)
> Nomura Research Insititute (IT/Consulting)
> Oki (Manufacturing)
> Rakuten (Internet Commerce/Financial)
> SBI Holdings (Financial group)
> Senshukai (Internet Commerce)
> Seven Bank (Financial)
> SixApart (Web 2.0)
> Softbank BB (telco/ISP)
> Sonpo Japan Systems Solution (Insurance)
> Taihei Computer (Internet Commerce)
> Technorati Japan (Web 2.0)
> Zakura (Web 2.0)
>

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general