[OpenID] signed json in javascript, relationship to openid?
Peter Williams
home_pw at msn.com
Thu Oct 13 16:12:59 UTC 2011
I think you are right. In the openid sense, what matters is doing what the windows' cardspace process used to do - create a browser sandbox for security bridging. Then, we recall the early work (here) on enabling an openid provider to be bridged by such a process. The signed JSON/javascript work will help here, since the JSON 'output format' can represent a serialization of a particular (RDF) graph, and the javascript is script...that can use the web socket.
If the script is implementing an SSL client, one can hide the contents of the socket's plaintext from the browsers/vendors - which/who, given the evidence, we must assume are in some pact with policing authorities. (I dont mind that, personally ; I only mind that its hidden and undisclosed, promoting thereby distrust in civil authority in an internet world - that amplifies fear)
> Date: Wed, 12 Oct 2011 11:09:31 -0700
> To: home_pw at msn.com
> From: sysadmin at shadowsinthegarden.com
> Subject: Re: [OpenID] signed json in javascript, relationship to openid?
> CC: openid-general at lists.openid.net
>
> >What do folks feel about this? is this incompatible with openid? is
> >it part of the movements future? .. to re-cast the trustworthiness
> >of the browser itself?
>
> Signing discrete components of web-pages, through a script sourced
> from elsewhere, but providing the signature through the party that
> must trust your browser to run the right code? +1
>
> -Shade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20111013/a16dbd93/attachment.html>
More information about the general
mailing list