<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Can you make an online payment with your OpenID? I guess the
immediate answer is, no, there is no such service available. At least I haven’t
been able to find one.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>But why shouldn’t it be possible? It seems to me that
it should be a lot more safe than using credit card numbers – anyone can
use your credit card numbers, but it is only you and no one else who can use
your OpenID.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I don’t know if Yahoo! has any paid-for-premium
service, but lets assume they have. Then Yahoo! is able to collect money from
these people already. So a webshop could accept payments through OpenIDs from
premium.yahoo.com/people/NAME if the webshop has an agreement with Yahoo. Any
bank or card issuer could do the same and let you pay with OpenIDs of the form
MYID.MYBANK.COM for instance 12345678.mymastercardid.com.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Advantages for the end-user would be a more secure payment method
than using your credit card numbers, widely available with the big players
bying in on OpenID, and a well known technology (when it becomes widely used of
course).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>There’s probably lots of problems with this idea and I
guess a lot of you would say “Phishing!” immediately. But what if
the bankers *required* you to use a technology like CardSpace or similar (see
Kim Camerons video here: <a href="http://www.identityblog.com/?p=923">http://www.identityblog.com/?p=923</a>).
Then you would never be issued a phishable password.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>This should be doable right now, but the user experience
would need some improvements: when I am asked to accept an OpenID query at
myopenid.com then I am only presented with a URL and no other message. For a payment
transaction I would like to see the amount and some other text too. This would
require some minor extensions to the OpenID standard (as far as I understand it).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Dreaming on … I could also see the use of OpenID as a
payment method without prior agreement between the webshop and the OpenID
issuer: “all it needs” is a digitaly secure way for the webshop to
ask the OpenID provider if it allows payments, in which countries, and probably
also a few other things. Much like SSL where you trust a certificate because it
has been signed by a root certificate. In this case the OpenID provider would have
a certificate from “someone” that proves it can be used for
payments.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks for listening :-)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>/Jorn Wildt<o:p></o:p></span></font></p>
</div>
</body>
</html>