<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Josh Hoyt wrote:<br>
<blockquote
 cite="mid34714aad0610201227n7701978ay305d652a4a912c37@mail.gmail.com"
 type="cite">The specification will enumerate the trade-offs for using
or not using different security technologies, and leave the decision up
to implementers. Hans from VeriSign has designed security profiles for
OpenID implementations.
  <br>
</blockquote>
Where?<br>
<blockquote
 cite="mid34714aad0610201227n7701978ay305d652a4a912c37@mail.gmail.com"
 type="cite"><br>
Basically, the idea is that the user (with the IdP and RP's help) will
make decisions on what is secure enough</blockquote>
How?<br>
<blockquote
 cite="mid34714aad0610201227n7701978ay305d652a4a912c37@mail.gmail.com"
 type="cite"> while adoption is still taking place, and eventually,
there will be enforceable levels of security.<br>
</blockquote>
Excellent!
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer:      Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Phone:       +1.213.341.0390</font></div>
<div><br>
</div>
</div>
</body>
</html>