[security] security

[Dan Lyke]

On Sun, 29 Oct 2006 14:06:44 -0800, James A. Donald wrote:
> We need a whitelist of known good identity providers,

I think you're welcome to publish such a thing.

> thinks useful - we need consensus on how to format and
> communicate those lists,

FOAF.

Actually, I think that's too simplistic, we'll want two things: A  
YADIS addition that allows an Identifier to publish a list of  
Reputation Brokers that it's registered with, and a simple API that a  
Reputation Broker can be queried by, but FOAF has already figured out  
the relationship stuff.

Build one. I'll use it. I'll probably even build one with whatever API  
you come up with. It's not hard, and the details aren't worth  
quibbling over.

Once there's an implementation or two, then we can throw it at the  
OpenID community and see if anyone wants to add on to it, but doing it  
is worth many times talking about it.

Dan