[OpenID] liability issues

Peter Williams pwilliams at rapattoni.com
Sun Sep 20 19:03:18 UTC 2009 

For those less fortunate than Board members, the rest of us may have  to make do with

http://www.abanet.org/scitech/ec/isc/dsgfree.html

It's really out of date and focuses on users, RPs and CAs relying on certificates, cert chains, and registered names (vs relying on assertions, XRD sequences, and claims). But in an 80:20 world of low assurance, it's probably still great for the 80% case. It's not as if the principles of fraud have really changed in 400 years.

The main purpose of the DSG was to provide a judicial reference : well researched issues with which to frame the process of forming judgments. In its day, it assumed the clueless judge : which may no longer be a valid assumption.

It's not a study of liabilities in the area of assertions, self-certifications, or policy based governance through audit verification by a registry (that's been done many times before, over the last 20 years). It's a study in the art of controlling liability as a TTP (read IDP). Much of the art went into the design of the VeriSign CPS, whose liability control systems have changed little in 10 years

About the only thing that has really changed is the role of the RP which -- in infocard-land -- is now instrumental in picking cards (since it sets the claim requirements, including requirements for trust-level assertions from particular schemes).

From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Sunday, September 20, 2009 11:38 AM
To: Peter Williams
Cc: openid General
Subject: Re: [OpenID] liability issues

Legal review of the TFP documents and issues is ongoing.

I don't know when the board will circulate results publicly.

John B.

On 2009-09-20, at 2:20 PM, Peter Williams wrote:


"The foundations jointly hired John Bradley<http://thread-safe.livejournal.com/> to develop profiles for the two technologies. They also hired the same lawyer to look at liability issues." [http://self-issued.info/?p=216]

Is the legal work available for review, or it is all confidential?
_______________________________________________
general mailing list
general at lists.openid.net<mailto:general at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090920/e59df2be/attachment.htm>

More information about the general mailing list