<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Préformaté HTML Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.PrformatHTMLCar
{mso-style-name:"Préformaté HTML Car";
mso-style-priority:99;
mso-style-link:"Préformaté HTML";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:614948675;
mso-list-type:hybrid;
mso-list-template-ids:838359572 2040168782 67895299 67895301 67895297 67895299 67895301 67895297 67895299 67895301;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=FR link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The best would be to resume the “benefits for the RPs” in 10/12 short
points with a Marketing/Business language but “neutral” = no subjective<o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='font-size:11.0pt;font-family:Wingdings;color:#1F497D'><span
style='mso-list:Ignore'>ð<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><a href="http://www.openideurope.eu/openid/relying-party/">http://www.openideurope.eu/openid/relying-party/</a>
<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I would like to add:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>- The possibility of having databases always updated (depends on
the implementation) with the last information of end users, e.g.: My last address
if I move<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>- Reduce deaths user accounts; Often users test only once a site
but with his OP… he can remember that he had already an Return to this site<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>- +40% (French study) internet user close a site because there
are a form, OpenID can increase the rate of transformation of a prospect to become
a customer<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thoughts? (improve my words :)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thank for your participation<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Snorri<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>De :</span></b><span style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> general-bounces@openid.net
[mailto:general-bounces@openid.net] <b>De la part de</b> Eddy Nigg (StartCom
Ltd.)<br>
<b>Envoyé :</b> jeudi 20 mars 2008 18:20<br>
<b>À :</b> Peter Williams<br>
<b>Cc :</b> general@openid.net<br>
<b>Objet :</b> Re: [OpenID] Thinking About OpenID.com<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>+1<o:p></o:p></p>
<div>
<p class=MsoNormal>-- <o:p></o:p></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0>
<tr>
<td colspan=2 style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>Regards <o:p></o:p></p>
</td>
</tr>
<tr>
<td colspan=2 style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal> <o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>Signer: <o:p></o:p></p>
</td>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>Jabber: <o:p></o:p></p>
</td>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>Blog: <o:p></o:p></p>
</td>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal><a href="http://blog.startcom.org">Join the Revolution!</a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>Phone: <o:p></o:p></p>
</td>
<td style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal>+1.213.341.0390<o:p></o:p></p>
</td>
</tr>
<tr>
<td colspan=2 style='padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal> <o:p></o:p></p>
</td>
</tr>
</table>
</div>
<p class=MsoNormal><br>
<br>
Peter Williams: <o:p></o:p></p>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Point
6 is very subjective, judged using the following (subjective) criteria.</span><o:p></o:p></p>
</div>
<blockquote style='margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>10+
years of evidence has shown that consumers are unwilling or unable to handle
self-signed cert root key download events, being unable or unwilling to
evaluate the trust providers who assurance underpin the delivery of SSL
security services. This is likely to extend to the world of https openids, a
type of openid that our trade association is apparently promoting as a
"best practice" (a material, legal event, note). Its not clear that
consumer will be suddenly be able to now determine which providers are capable
of providing anti-phishing protection.</span><o:p></o:p></p>
</div>
</blockquote>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Point
7 is perhaps ill advised as a basic rationale for openid adoption by RPs.</span><o:p></o:p></p>
</div>
<blockquote style='margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Relying
parties are inevitably liable for the circumstances of their act of
reliance on any (security) assertion made by a third party, says this
non-lawyer. Having admitted an openid to be used to impersonate a subscribed
user, and upon relying upon a UCI-grade OP's assertion, the RP will surely
continue to have the full panoply of legal obligations.<br>
<br>
Assume for example, that the RP (e.g. "plaxo") is operating in
the state of California. Assume also that the RP has account linked one or more
of a CONSUMER's openids to a single "plaxo" for-fee account (that is
subscribed to be in good standing), where we note that "plaxo"
is in the normal, _dominant_ business-to-consumer legal relationship
with the subscriber, as assessed under CA criteria. Assume now that the OP
involved in the account linking is just 1 of several UCI-grade OPs bound by
"plaxo" - upon one or more constructive acts of reliance involving
cert messages and openid auth messages - to this and other
subscriber accounts. Assume furthermore that "plaxo" is relying upon
one or more OPs with whom it has no agreements governing the act of reliance.
Lets assert now that it is now common public knowledge that a given OP has
engaged in an improper act, leading to the situation that there is a "high
level of risk" that Personal data of a "plaxo" subscriber
has been compromised. We could ask Plaxo's general counsel to volunteer legal advice
on a hypothetical: would s/he now feel legally obligated under CA law to
issue n written letters by US post to all "affected" _subscribers_,
warning them of the generalized exposure? If so, how would one enumerate those
who are "affected" in the case of UCI-grade openid?</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
</blockquote>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=2 width="100%" align=center>
</div>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Chris Drake<br>
<b>Sent:</b> Thu 3/20/2008 3:34 AM<br>
<b>To:</b> Brendon J. Wilson<br>
<b>Cc:</b> <a href="mailto:general@openid.net">general@openid.net</a><br>
<b>Subject:</b> Re: [OpenID] Thinking About OpenID.com</span><o:p></o:p></p>
</div>
<div><pre>Hi Brendon,<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Some more suggestions...<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>6) Security - when folks have their fave provider, they're less<o:p></o:p></pre><pre> vulnerable to phishing and password hijacking in other forms, not<o:p></o:p></pre><pre> to mention, the providers job is to improve in this area too,<o:p></o:p></pre><pre> freeing up the RP to ignore this stuff.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>7) Legal responsibilities - probably not one that Providers are happy<o:p></o:p></pre><pre> with, but, it's not the RPs fault if a customer account is<o:p></o:p></pre><pre> plundered because of fault with the login system - freeing up the<o:p></o:p></pre><pre> RP from the legal liability/responsibility of that issue (eg: the<o:p></o:p></pre><pre> customer would sue the Provider, not the RP)<o:p></o:p></pre><pre><o:p> </o:p></pre><pre> Liability is probably different depending on the TOS involved, and<o:p></o:p></pre><pre> the country of the customer and provider (and maybe RP) - some<o:p></o:p></pre><pre> jurisdictions have laws that forbid the disclaiming of various kinds<o:p></o:p></pre><pre> of liabilities.<o:p></o:p></pre><pre> <o:p></o:p></pre><pre>Kind Regards,<o:p></o:p></pre><pre>Chris Drake<o:p></o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre>Thursday, March 20, 2008, 2:53:18 AM, you wrote:<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> +1 Snorri's comment.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> I've been looking at OpenID for a client, and as I survey the OpenID<o:p></o:p></pre><pre>BJW> landscape it's become apparent very quickly that there's lots of<o:p></o:p></pre><pre>BJW> identity providers, but not a lot of relying parties. Any of the big<o:p></o:p></pre><pre>BJW> players seem to be staying out of that space, with the exception of<o:p></o:p></pre><pre>BJW> the blog platforms and open source CMS systems. Examples: AOL - only<o:p></o:p></pre><pre>BJW> Propeller seems to have OpenID as a login option. Yahoo! - haven't<o:p></o:p></pre><pre>BJW> found an OpenID login yet. All of the focus right now seems to be on<o:p></o:p></pre><pre>BJW> getting people to get an OpenID.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> I think any discussion of how to evangelize OpenID to the general<o:p></o:p></pre><pre>BJW> public also requires the foundation to clearly articulate the value of<o:p></o:p></pre><pre>BJW> being a relying party, otherwise we risk stalled growth when users<o:p></o:p></pre><pre>BJW> finally decide to get an OpenID, but have nowhere to use it. JanRain<o:p></o:p></pre><pre>BJW> claims 8,000 relying parties, but I've seen little justification for<o:p></o:p></pre><pre>BJW> that number; OpenIDDirectory.com lists about 530 or so OpenID-related<o:p></o:p></pre><pre>BJW> sites, and 60 or so of them are identity providers. Demonstrating<o:p></o:p></pre><pre>BJW> value to potential relaying parties also requires showing, in no<o:p></o:p></pre><pre>BJW> uncertain terms, just how many people already use it.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> I'd like to propose the following strawman benefits of being a relying<o:p></o:p></pre><pre>BJW> party for the group to eviscerate (warning: businesspeak ahead):<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> 1) Expedited customer acquisition: OpenID allows user to quickly and<o:p></o:p></pre><pre>BJW> easily complete the account creation process by eliminating entry of<o:p></o:p></pre><pre>BJW> commonly requested fields (email address, sex, birthdate), thus <o:p></o:p></pre><pre>BJW> reducing the friction to adopt a new service.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> 2) Reduced user account management costs: The primary cost for most IT<o:p></o:p></pre><pre>BJW> organizations is resetting forgotten authentication credentials. By<o:p></o:p></pre><pre>BJW> reducing the number of credentials, a user is less likely to forget<o:p></o:p></pre><pre>BJW> their credentials. By outsourcing the authentication process to a<o:p></o:p></pre><pre>BJW> third-party, the relying party can avoid those costs entirely.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> 3) "Thought leadership": There is an inherent marketing value for an<o:p></o:p></pre><pre>BJW> organization to associate itself activities that promote it as a<o:p></o:p></pre><pre>BJW> thought leader. It provides an organization with the means to <o:p></o:p></pre><pre>BJW> distinguish itself from its competitors. This is your chance to <o:p></o:p></pre><pre>BJW> outpace your competitors.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> 4) Your competitors are already doing it: Whoops! So you missed out on<o:p></o:p></pre><pre>BJW> number 4, so you have to do it, otherwise you're falling behind the<o:p></o:p></pre><pre>BJW> times. Ketchup!<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> 5) Simplified user experience: Logical follow on from 1 & 2. However,<o:p></o:p></pre><pre>BJW> it's at the end of the list because that's not the business priority.<o:p></o:p></pre><pre>BJW> The business priority is the benefit that results from a simplified<o:p></o:p></pre><pre>BJW> user experience, not the simplified user experience itself.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> Thoughts?<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>BJW> Brendon<o:p></o:p></pre><pre>BJW> ---<o:p></o:p></pre><pre>BJW> Brendon J. Wilson<o:p></o:p></pre><pre>BJW> <a
href="http://www.brendonwilson.com">www.brendonwilson.com</a><o:p></o:p></pre><pre>BJW> _______________________________________________<o:p></o:p></pre><pre>BJW> general mailing list<o:p></o:p></pre><pre>BJW> <a
href="mailto:general@openid.net">general@openid.net</a><o:p></o:p></pre><pre>BJW> <a
href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><o:p></o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>general mailing list<o:p></o:p></pre><pre><a
href="mailto:general@openid.net">general@openid.net</a><o:p></o:p></pre><pre><a
href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><o:p></o:p></pre><pre> <o:p></o:p></pre></div>
<pre><o:p> </o:p></pre><pre style='text-align:center'>
<hr size=4 width="90%" align=center>
</pre><pre><o:p> </o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>general mailing list<o:p></o:p></pre><pre><a
href="mailto:general@openid.net">general@openid.net</a><o:p></o:p></pre><pre><a
href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><o:p></o:p></pre><pre> <o:p></o:p></pre>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>