[OpenID] Google discovery prototype: host-meta from Google

Manger, James H James.H.Manger at team.telstra.com
Thu Jul 16 13:14:47 UTC 2009


Breno said:

“2. The design being discussed at the XRI TC would allow sites to delegate trust to any other site of their choice, by signing delegation statements.”



It sounds like the XRI TC discussion assumes a site signs their own delegation statements.

In the Google proof-of-concept, hosted-id.google.com can sign delegation statements for any site on the Internet.



This is a mismatch.



It does not sound like the mismatch is a temporary kludge just for a demo. Breno included “removing 3rd-party XRDS signers” as one of the changes that “would break adoption”.



Requiring a site to have its own certified key-pair to sign delegation statements could certainly be a substantial barrier to adoption. It may be a higher barrier than a site getting an HTTPS certificate (though this totally depends on the CA). Getting a site to host a single file will often be easier.





James Manger
James.H.Manger at team.telstra.com
Identity and security team — Chief Technology Office — Telstra


