[OpenID] Graphical UIs
Manger, James H
James.H.Manger at team.telstra.com
Fri May 15 04:25:42 UTC 2009
An X.509 certificate can hold (or securely reference) a logo representing the subject's organisation, a community they belong to, and/or the issuer (CA). That is, an RP's HTTPS certificate can hold the RP's logo.
RFC 3709 "Logotypes in X.509 Certificates", Feb 2004 <http://tools.ietf.org/html/rfc3709> defines how to do this.
An OP could get an RP's logo during RP discovery if the RP used an HTTPS realm, and their certificate had the logotype extension.
I have seen plenty of VeriSign certificates that include the issuer's logo. I am not aware of any public CAs that put the subject's logo in the certificate -- but I have not looked for this feature.
I think Microsoft's CardSpace information card identity selector displays these logos, but the major web browsers currently don't.
This is an existing solution to the trust & scalability issues. I will not offer any judgement about whether it is the right long-term approach.
P.S. An update <http://tools.ietf.org/html/draft-santesson-pkix-certimage-00> is currently being debated in the IETF PKIX working group <http://www.imc.org/ietf-pkix/mail-archive/msg05546.html>.
James Manger
James.H.Manger at team.telstra.com
Identity and security team — Chief Technology Office — Telstra
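
Added example, not part of the original message: a minimal DER walk showing how an OP could tell whether an RP certificate's RFC 3709 logotype extension (id-pe-logotype, 1.3.6.1.5.5.7.1.12) carries a subject logo rather than only an issuer logo. The input is a constructed Extensions sequence with empty placeholder logo data; `logotype_kinds`, `sample_extensions` and the other helper names are hypothetical.

```python
LOGOTYPE_OID = bytes.fromhex("2b0601050507010c")  # 1.3.6.1.5.5.7.1.12 (id-pe-logotype)
KINDS = {0xA0: "community", 0xA1: "issuer", 0xA2: "subject", 0xA3: "other"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def logotype_kinds(extensions_der):
    """List which RFC 3709 logos a DER-encoded Extensions sequence carries."""
    tag, exts, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    for _, ext in children(exts):
        fields = children(ext)  # extnID, optional critical BOOLEAN, extnValue
        if not fields or fields[0] != (0x06, LOGOTYPE_OID):
            continue
        vtag, octets = fields[-1]
        ltag, logos, _ = read_tlv(octets, 0)
        if vtag != 0x04 or ltag != 0x30:
            raise ValueError("malformed logotype extension")
        return [KINDS[t] for t, _ in children(logos) if t in KINDS]
    return []

def der(tag, body=b""): return bytes([tag, len(body)]) + body  # short form, < 128 bytes

def sample_extensions(logo_tags):
    """Constructed Extensions: basicConstraints plus an optional logotype extension."""
    basic = der(0x30, der(0x06, bytes.fromhex("551d13")) + der(0x04, der(0x30)))
    logos = b"".join(der(t, der(0xA0)) for t in logo_tags)  # empty placeholder logo data
    logo_ext = der(0x30, der(0x06, LOGOTYPE_OID) + der(0x04, der(0x30, logos)))
    return der(0x30, basic + (logo_ext if logo_tags else b""))
```

An OP that wants to show the RP's own logo would require "subject" in the result; a certificate yielding only "issuer" identifies the CA, not the RP.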