Indeed. Such a third party should publish a score as a reputation service. <div><br class="webkit-block-placeholder"></div><div>This, combined with the on going continuous scoring "reputation" by customers will constitute the reputation that I would use. </div>
<div><br class="webkit-block-placeholder"></div><div>That is why we need some form of standardized reputation format and scoring system. </div><div><br class="webkit-block-placeholder"></div><div>=nat<br><br><div><span class="gmail_quote">2008/2/29, Eddy Nigg (StartCom Ltd.) <<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>>:</span><blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#ffffff" text="#000000"><span class="q">
Paul Madsen wrote:
<blockquote type="cite"><br>
An X.509 RP has the same desires as an OpenID RP, ie that they can be
confident that the authority's (either CA or OP)
practices/procedures/technologies provide sufficient assurance for the
application being accessed.
<br>
</blockquote></span>
Exactly! And what do we know about this? What do we know about
"practices/procedures/technologies" in the OpenID world?<br>
<br>
As an OpenID RP I can't make a decision about each and every OP, not to
mention that I've never seen any OP which has policy governing its
operations. Nor have I ever seen a third party attestation confirming
any policy or practice statement either. Hence, in the OpenID world,
any trust (if there is such a thing at all) is based on pure
assumptions....nothing more. Neither does SSL between the OP and RP
solve this problem, it solves a different one (eavesdropping). In
relation to that, I guess any OP not using https shouldn't even be
considered by a RP really.<br>
<br>
In order to solve the problem mentioned above I suggested in the past
to form a federated group of providers which operates according to a
certain standard and verifies them in some form.<br>
<br>
<div>-- <br>
<span class="q">
</span><span class="q">
</span><table border="0" cellpadding="0" cellspacing="0">
<tbody><tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a>startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Join the Revolution!</a></td>
</tr><tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:general@openid.net">general@openid.net</a><br>
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a>
</div>