Peter-<br> I've pointed this out too (having been at Visa until relatively recently, and having done work on 3-D Secure in the last two years). The real tragedy was that the 3-D Secure protocol and all the implementation details were behind a wall of non-disclosure and licensing (for no particularly good reason, as far as I could tell - maybe some patent issues - I don't open).
<br> Just another reason why *Open*ID will win over closed protocols like 3-D secure in the end, I think - even if OpenID has to deal with the lack of a managed risk model "out of the box". <br><br> -Gabe<br>
<br><div class="gmail_quote">On Jan 24, 2008 1:15 PM, Peter Williams <<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>PS The flow I outlined seems very little different to how Visa/Mastercard's financial webSSO works (in the 1997-era 3dsecure standards), where virtual and/or use-once PANs (visa card numbers) could be manufactured by the various merchant/acquirer gateways (acting as asserting parties), for consumption by particular communities of merchants subscribing to particular "managed risk models" - ultimately serviced by VISANet.
<br><br><br><br>________________________________<br><br>From: Drummond Reed [mailto:<a href="mailto:drummond.reed@cordance.net">drummond.reed@cordance.net</a>]<br>Sent: Thu 1/24/2008 12:19 PM<br>To: Peter Williams; 'OpenID List'
<br>Subject: RE: [OpenID] Laws of id, openid with ssl<br><div><div></div><div class="Wj3C7c"><br><br><br>> Peter Williams wrote:<br>> Law 4:directed identity. Enough said. The mission of uci is contrary to<br>> this law? Surely? Uci thesis essentially denies the legitinmacy of the
<br>> notion of private identities.<br><br>Peter, the directed identity feature in OpenID 2.0 fully supports directed<br>identity. Thus I would not say the "user-centric identity thesis" denies the<br>legitimacy of the notion of private identities at all. Rather user-centric
<br>identity means the user is in control of the identifiers. As of OpenID 2.0,<br>a user can have two types of user-centric identifiers: public identifiers<br>(what Law 4 calls "omnidirectional identifiers") that can be shared
<br>publicly, and private identifiers (what Law 4 calls "directional<br>identifiers") which are not intended to be shared publicly.<br><br>=Drummond<br><br><br><br>_______________________________________________
<br>general mailing list<br><a href="mailto:general@openid.net">general@openid.net</a><br><a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br></div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Gabe Wachob / <a href="mailto:gwachob@wachob.com">gwachob@wachob.com</a> \ <a href="http://blog.wachob.com">http://blog.wachob.com</a> <br>