[security] Username / password etc. is out of scope for OpenID

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Thu Oct 26 00:30:03 UTC 2006 

Well, based on that sentence alone, it's perhaps useless. What happens
before, after, behind, under and above that specific act (proving the
control of a URI)?

But sincerely, I don't believe, that anyone involved at OpenID has this
sentence in mind when speaking, defining, planning and discussing
OpenID. This is not what Dick from SXIP has in mind and that's not what
you and I am thinking...or am I mistaken on this assumption?

And if this is not the real definition of OpenID (Your sentence below),
than we perhaps need get back to the basics and fundamentals and start
to define these things...Anybody?

Recordon, David wrote:
> OpenID Authentication is about a user in a given browser session
> proving to the RP that they control ("own") a given URI.
>  
> --David
>
> ------------------------------------------------------------------------
> *From:* security-bounces at openid.net
> [mailto:security-bounces at openid.net] *On Behalf Of *Eddy Nigg
> (StartCom Ltd.)
> *Sent:* Wednesday, October 25, 2006 5:13 PM
> *Cc:* security at openid.net
> *Subject:* Re: [security] Username / password etc. is out of scope for
> OpenID
>
> Recordon, David wrote:
>> Feel like proposing a better name?
>>
>> --David 
> Oh no....Don't change the name...address the issues! RP's which make
> use of OpenID are moving the authentication part to the IDP!  That's
> the first and most important feature of OpenID. Or can you or anybody
> else tell me, what OpenID is all about (there is also a Topic called
> Fundamentals, perhaps this question belongs to the same category).
>
> -- 
> Regards
>  
> Signer:      Eddy Nigg, StartCom Ltd.
> Phone:       +1.213.341.0390

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/a85698f8/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/a85698f8/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/a85698f8/attachment-0002.bin>

More information about the security mailing list