<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi James,<br>
<br>
James A. Donald wrote:<br>
<blockquote cite="mid4541BC96.70408@echeque.com" type="cite">> Well,
I don't know what the difference is between
<br>
> defining certain aspects of the protocol, data
<br>
> exchange and conditions to be met in order to
<br>
> successfully implement the proposed standard, and
<br>
> between the suggestions I made.
<br>
<br>
Suppose we all agreed it was a good idea: What would
<br>
happen? Nothing would happen! In this sense, it really
<br>
is out of scope. There is no way we can cause the
<br>
protocol to fail if the IDP is following bad logon
<br>
practices, but wants the protocol to succeed, any
<br>
more than we could cause the protocol to fail if the IDP
<br>
was a pedophile.
<br>
</blockquote>
First, I think that certain things can be controlled; second, I believe
in a simple idea to provide some kind of regulatory forum, for example:<br>
<br>
A central repository of a list of registered IDPs. The RP can define
if he wants to check with that list or not.<br>
If yes, the RP checks with the list and receives a green light, else it
fails.<br>
<br>
Now this repository can have many colors and shapes... In the simplest
form the IDP requests registration of the IDP URL which would be
publicly displayed somewhere. Everybody interested can check the IDP
and make suggestions, if the IDP doesn't adhere to some agreed
standard. This repository can be run by a few volunteers who might
rotate and perhaps randomly assign IDP registration to the various
volunteers. This can be something very simple, but the fact that it
must be registered and is displayed in public will reduce the chances
of IDPs not adhering to whatever is outlined in the specs (currently
none). Additionally, I'd suggest a cool-off period for new applicants of
a few days to a week or two...<br>
<br>
This is just some brainstorming and it could be that others might have
better ideas...<br>
<br>
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer: Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Phone: +1.213.341.0390</font></div>
</div>
</body>
</html>