[OpenID] [OpenID board] Members Login broken
Peter Williams
pwilliams at rapattoni.com
Tue Jan 27 11:32:13 UTC 2009
This is the Achilles heel of OpenID.
Within the openid framework, for now we could just ensure that by standardized AX processes, users can register a CTL of *their* trusted CAs at each consumer - to aid _subsequent_ recognition/discovery of the user's synonyms that delegate to the CTL-introducing OP. AX is a registration mechanism that facilitates delegation to the user's choice of source https domain.
What a globally scalable OpenID trust model for https URLs needs is a properly-designed source tree routing/resolution protocol, something akin to pages 32-40 in
http://www.nanog.org/mtg-9806/ppt/davemeyer/davemeyer.PPT
By analogy, the "public CAs" used at OPs need to play the role of sparse-mode PIM "Rendezvous Points", seeking to connect "receivers" (openid consumers) to the many data "sources" (the many user vanity openids). In the course of registration, the https roots selected by the source (=USER) are communicated to the assertion-consumer sites, as the "url" (read multicast!) routing converges - linking the consumer https-realms to the user's vanity https-realms, on a per group basis.
OpenID really does have a classical routing problem, exercised through urls rather than subnets.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Brian Ellin
Sent: Monday, January 26, 2009 9:04 PM
To: Eddy Nigg (StartCom Ltd.)
Cc: board at openid.net; general at openid.net
Subject: Re: [OpenID] [OpenID board] Members Login broken
Hi Eddy,
RPX recently switched to using a list of standard certificate authorities that happened to not include StartSSL (https://www.startssl.com/), the issuer of your SSL certificate. We'll be updating our CA list to include StartSSL shortly.
Sorry for the inconvenience.
Brian Ellin
JanRain
On Sun, Jan 25, 2009 at 3:10 PM, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
On 01/25/2009 04:29 AM, David Fuelling:
Member Login is working for me at present.
It did for me as well previously. :-(
IMHO, the foundation has other things to worry about than making sure the website technology is working properly. We should be paying people to do that for core/key technology where volunteer help is either too slow, or non-existent.
Let's let the OpenID community members concentrate on spec-writing.
Except that we discussed previously that we want a vendor neutral interface at the OpenID Foundation web sites.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390