Hi Johaness, <br><br>Actually, that is part of the reason why we are bringing the notion of Public Key back into the place in our proposal of reputation service and trusted data exchange. For a serious business apps, I suppose we need this kind of structure. <br>
<br>Let us disccuss them in the forthcoming WGs :-)<br><br>=nat<br><br><div><span class="gmail_quote">2008/3/22, Johannes Ernst <<a href="mailto:jernst+openid.net@netmesh.us">jernst+openid.net@netmesh.us</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 2008/03/20, at 3:34, Chris Drake wrote:<br> > 7) Legal responsibilities - probably not one that Providers are happy<br> > with, but, it's not the RPs fault if a customer account is<br> > plundered because of fault with the login system - freeing up the<br>
> RP from the legal liability/responsibility of that issue (eg: the<br> > customer would sue the Provider, not the RP)<br> <br> <br>Actually, no. The customer would sue both the RP and the OP, and the<br> RP would sue the OP -- at a minimum ;-) And one of the problems with<br>
have with OpenID so far is that legal discovery would be very hard<br> because nobody could prove to anybody what they have done or not.<br> <br> (This is one of the reasons why I originally picked GPG as the crypto<br> for LID instead of symmetric keys that we have in OpenID -- if the RP<br>
keeps the incoming requests around, the RP can show them later in<br> legal discovery and say "see, nobody could have produced this<br> signature at the encoded time stamp other than somebody in the<br> possession of the private key, and that's not us, so we get to go home<br>
free")<br> <br> I continue to believe that we'll have to address this problem sooner<br> or later ... even if some people on this list seem to have some kind<br> of public-key phobia ;-)<br> <br> Cheers,<br> <br>
<br> <br> Johannes.<br> <br><br> <br> <br> Johannes Ernst<br> NetMesh Inc.<br> <br> <br> <br> <br> <a href="http://netmesh.info/jernst">http://netmesh.info/jernst</a><br> <br> <br>_______________________________________________<br>
general mailing list<br> <a href="mailto:general@openid.net">general@openid.net</a><br> <a href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><br> <br><br></blockquote></div><br>
<br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a>