[security] security

[Eddy Nigg (StartCom Ltd.)]

I suggest, that instead of going in cycles, as somebody mentioned, lets
make some decisions. I don't know how decision making is done at OpenID,
but assuming that everybody can vote on an open issue, I suggest to have
a principal decision taken, to see, if there is support for an open,
centralized body performing basic registry and adherence of specs/policy
supervision. This would be incorporated as part of the basic trust
mechanism at the specs / framework of OpenID. Details should be worked
out after a principal decision is taken.

After a decision on this issue, everybody knows what's in for them and
what to expect. Future discussions may be pointed to this decision,
avoiding the subject coming up in this or that form. Suggestions?

James A. Donald wrote:
> "Open" should mean that multiple people can perform the
> role that Google performs.   At present, no one can
> perform the role that Google performs.  If the spammers
> start using Openid on Tuesday, what do we do on
> thursday?
>   

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061029/98e2a66d/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061029/98e2a66d/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061029/98e2a66d/attachment-0002.bin>