[OpenID] Fwd: [OpenID Foundation] New Poll Opened

Peter Williams pwilliams at rapattoni.com
Fri Mar 20 21:49:10 UTC 2009


The vast majority of certs issued in the internet are self-signed or self-rooted. I suspect these days more SSL happens in a way that has no UI than happens in a browser, with https URI namespace controls.

The good news in websso space is that there are 2 main competitors: SAML and OpenID. If OpenID becomes a TTP culture run by 10 large mega-OPs, SAML will take the peer-peer space. Though SAML started life as the multi-million dollar federation, it's rapidly heading towards peer-peer (with lots of self-root cert chains, and RP-based OCSP validation servers) – following in the footsteps of PKI. OpenID on the other hand started peer/peer, and is rapidly heading into the TTP space (where I suspect its founders wanted it all along).

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Friday, March 20, 2009 2:29 PM
To: SitG Admin
Cc: general at openid.net
Subject: Re: [OpenID] Fwd: [OpenID Foundation] New Poll Opened

On 03/20/2009 10:35 PM, SitG Admin:
I think - with or without costs - this is what's expected from certification authorities.

Why?

Well, we have been through this already, haven't we...

Nevertheless, certification authorities are certifying all kinds of things, ideally they certify people and organizations. That's what they were all about in the beginning. These days it's not exactly like this anymore...


I didn't intend it to be an analogy to SSL certificates, just the idea that if costs aren't monetary they don't exist. Extending the analogy in its intended direction, then, someone who enjoyed having sex and didn't think twice about having it with newly met strangers wouldn't necessarily see it as a cost, or even out of the ordinary for how they lived their life (just as most people don't think of "giving their full name" as a cost).

:-)

Neither is an identity disclosing requirement a cost - as long as the CA in question doesn't profit from it. At least that's my opinion. If it's required in order to govern a policy, it addresses a legitimate concern, and compliance on the part of the recipient of a free service.

Further to your analogy: In order to rent a hotel room you must usually deposit a passport or other identifying document - at least you must present it usually. Whether you have to pay for the room or not is not within the scope of this requirement.

Of course there are hostels or other places to sleep which might not require you to present your ID document, but I bet you'll have some cockroaches sharing the room with you...

This is the correct analogy, not doing favors. It's the rules which are established in order to rent a room (without connection to the costs). Some might give you the room for free - but will not remove the established rules for getting one.

Regards



Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390



