[security] Username / password etc. is out of scope for OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Oct 26 01:47:56 UTC 2006
I thought that this might be misunderstood, but on purpose didn't
want to get into it too much. But here is a partial answer, which might
perhaps change when I receive some answers to my other questions:

I suppose something like an "OpenID Foundation", which will register
IDP's after making some basic checks of the facility implemented. This
means mostly web site and server specific checks, in order to make sure
that they conform to a defined, outlined standard. However, since there is
no such implementation standard nor proper definitions of IDP's, this is
way too early to talk about. I'm not even sure that the majority agrees
there must be such a definition in the first place...

This doesn't mean that OpenID isn't free, but only compliance with the
standard... Such a foundation can be operated by a group of individuals,
companies etc.... It might even be that there _is_ already an "OpenID
Foundation", I just don't know about it... That's why my questions in a
previous mail (see Fundamentals).

Alaric Dailey wrote:
> IDP's.
>
> My 2 cents:
>
> I completely agree with the premise, and am not sure that Eddy ACTUALLY
> disagrees...
>
> I think what the spec is trying to say is that they don't want to have a
> central company giving its blessing as to whether or not your site may be an
> IdP. On the other hand Eddy is concerned that some effort should be made to
> prove an IdP is who they say they are. This is what CAs are designed for.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390