[OpenID] Verisign Announces Free OpenID Digital Lockbox

Chris Messina chris.messina at gmail.com
Sat Feb 21 05:27:43 UTC 2009 

Personally, I'm interested in, at least in terms of how I read it, which may
not be at all what this thing is, is a storage-in-the-cloud discovered off
of your OpenID.
For example, I sign in to Amazon.com with my OpenID, it discovers my
"Lockbox" or "Digitial Locker", I do the hybrid dance so that Amazon can
dump stuff into my Lockbox, and then whenever I purchase MP3s or hardware
that come with digital manuals, Amazon just passes the data directly to my
Lockbox.

No need for me to download/save to my local machine.

If that's not what this is, then, oh well.

Chris

On Fri, Feb 20, 2009 at 12:10 PM, Peter Williams <pwilliams at rapattoni.com>wrote:

>  So it's a proprietary initial login to an OP (that happens to do some
> encrypted file store stuff, possibly leveraging the proprietary token for
> key management). This seems useful, if yuou think that store holding the
> same kind of consent/audit/release logs that myopenid keeps around
> (tracling/tracing your communications with RPs)
>
>
>
> Once you have a session, it happens to offer openid assertions to SPs.
>
>
>
> The behavior seems similar to the Google BlogSpot  service, where you had
> to first login to BlogSpot using google proprietary means, and only then
> could you leave an authenticated comment on the blogspot site using some (or
> other ) OP. In reality Google was tracking your comment using the
> proprietary means, but one was present in  the OP name to comment readers.
>
>
>
>
>
>
>
>
>
> *From:* general-bounces at openid.net [mailto:general-bounces at openid.net] *On
> Behalf Of *Andrew Arnott
> *Sent:* Friday, February 20, 2009 11:08 AM
> *To:* Chris Messina
> *Cc:* DiSo Project; OpenID List
> *Subject:* Re: [OpenID] Verisign Announces Free OpenID Digital Lockbox
>
>
>
> Sorry... this doesn't seem like OpenID authentication to me.  Verisign only
> lets you log into the vault using your PIP account, which although PIP is an
> OpenID Provider, means that OpenID has nothing to do with your
> authentication experience.  You can't use any openid to log in -- you just
> log in with your PIP username and password, and a hardware credential that
> costs at least $30 to boot.
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - Voltaire
>
>  On Fri, Feb 20, 2009 at 10:57 AM, Chris Messina <chris.messina at gmail.com>
> wrote:
>
> I find this very interesting:
>
>
>
> http://infosecurity.us/?p=6437
>
>
> http://blogs.verisign.com/innovation/2009/02/pip_update_a_free_secure_digit.php
>
>
>
> It's how it works over OpenID that is most compelling (though this is
> really just the OpenID + OAuth hybrid, minus OAuth):
>
>
>
> *http://infosecurity.us/images/openid_protocol.png*
>
>
>
> So basically it's like MobileMe attached to your OpenID, with the ability
> to provide delegated access!
>
>
>
> Thoughts?
>
>
> Chris
> --
> Chris Messina
> Citizen-Participant &
>  Open Web Advocate-at-Large
>
> factoryjoe.com # diso-project.org
> citizenagency.com # vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>



-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate-at-Large

factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090220/218d3231/attachment-0002.htm>

More information about the general mailing list