[security] security
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Fri Oct 27 22:21:37 UTC 2006
Hi James,
James A. Donald wrote:
> > Well, I don't know what the difference is between
> > defining certain aspects of the protocol, data
> > exchange and conditions to be met in order to
> > successfully implement the proposed standard, and
> > the suggestions I made.
>
> Suppose we all agreed it was a good idea: What would
> happen? Nothing would happen! In this sense, it really
> is out of scope. There is no way we can cause the
> protocol to fail if the IDP is following bad logon
> practices but wants the protocol to succeed, any
> more than we could cause the protocol to fail if the IDP
> was a pedophile.
First, I think that certain things can be controlled; second, I believe
in a simple idea to provide some kind of regulatory forum, for example:
a central repository with a list of registered IDPs. The RP can define
whether it wants to check with that list or not.
If yes, the RP checks with the list and receives a green light; else it
fails.
Now this repository can have many colors and shapes... In the simplest
form the IDP requests registration of the IDP URL, which would be
publicly displayed somewhere. Everybody interested can check the IDP and
make suggestions if the IDP doesn't adhere to some agreed standard.
This repository can be run by a few volunteers who might rotate and
perhaps randomly assign IDP registrations to the various volunteers. This
can be something very simple, but the fact that it must be
registered and is displayed in public will reduce the chances of IDPs
not adhering to whatever is outlined in the specs (currently none).
Additionally I'd suggest a cool-off period for new applicants of a few
days to a week or two...
This is just some brainstorming and it could be, that others might have
better ideas...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
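The RP-side check sketched in the message above (consult a registry of IDP URLs, give a green light if the IDP is listed and has been listed for longer than the cool-off period, otherwise fail), as an added example; it is not code from the original thread or from any OpenID implementation. The registry format, the sample entries, the seven-day cool-off value and the helper names are assumptions made for this illustration.

```python
"""Added example: an RP-side allow-list check for OpenID identity providers
with a cool-off period. Registry format, sample data and names are assumed."""
from datetime import date, timedelta
from typing import Dict, Tuple
from urllib.parse import urlsplit, urlunsplit

# Assumed policy value: a newly listed IDP is not trusted until this many days have passed.
COOL_OFF_DAYS = 7

# Constructed sample registry: IDP endpoint URL -> date on which it was publicly listed.
REGISTRY: Dict[str, date] = {
    "https://idp.example.net/openid": date(2006, 10, 1),
    "https://new-idp.example.org/server": date(2006, 10, 25),
}


def normalize_endpoint(url: str) -> str:
    """Canonicalize an IDP endpoint URL before comparing it with the registry.

    Only trivial variations are folded together (case of scheme and host,
    an explicit default port, an empty path, a fragment); a different scheme,
    host, port or path is deliberately kept distinct so that a look-alike
    endpoint cannot borrow a registered IDP's entry.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = parts.hostname or ""  # already lowercased; userinfo and port removed
    if scheme not in ("http", "https") or host == "":
        raise ValueError("not an absolute http(s) endpoint: %r" % url)
    port = parts.port  # None when absent; raises ValueError if malformed
    default_port = 443 if scheme == "https" else 80
    netloc = host if port in (None, default_port) else "%s:%d" % (host, port)
    path = parts.path or "/"
    return urlunsplit((scheme, netloc, path, parts.query, ""))


def check_idp(endpoint: str, today: date,
              registry: Dict[str, date] = REGISTRY) -> Tuple[bool, str]:
    """Return (allowed, reason) for an IDP endpoint an RP is about to trust.

    The RP refuses ("fails") any IDP that is unparseable, not listed,
    listed under a different URL, or listed more recently than COOL_OFF_DAYS.
    """
    try:
        key = normalize_endpoint(endpoint)
    except ValueError as exc:
        return False, str(exc)
    listed = {normalize_endpoint(u): d for u, d in registry.items()}
    if key not in listed:
        return False, "not registered: " + key
    age = today - listed[key]
    if age < timedelta(days=COOL_OFF_DAYS):
        return False, "registered too recently (%d days): %s" % (age.days, key)
    return True, "green light: " + key


if __name__ == "__main__":
    day = date(2006, 10, 27)
    for candidate in ("https://IDP.example.net:443/openid",
                      "https://new-idp.example.org/server",
                      "http://idp.example.net/openid",
                      "https://idp.example.net/other",
                      "not a url"):
        print(candidate, "->", check_idp(candidate, day))
```

The normalization step is where such a check is usually weakest: compare the raw string and an attacker-controlled IDP can slip past with a capitalized host or an explicit `:443`; normalize too aggressively and unrelated endpoints collapse into one entry. The example folds only the variations that cannot change which server answers.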