proposal: RP display

Dick Hardt dick at
Fri Sep 22 00:01:26 UTC 2006

It is optional, not required. I think we are already considering  
requiring SSL for certain security levels per Hans suggestion to  
increase the the certainty of the URL.

-- Dick

On 20-Sep-06, at 12:41 PM, Johannes Ernst wrote:

>> Dick's right that if high-assurance SSL certs that CardSpace is  
>> planning to
>> use (see 
>> faq.asp)
>> get traction, OpenID IdPs should be able to take advantage of  
>> them. But
>> there is no standard yet, and none have been issued, so any  
>> solutions in the
>> OpenID 2.0 timeframe will need to use other methods.
> Am I the only one who'd think that a decentralized identity system  
> should not depend on some central authority's validation of  
> somebody's identity? (whether expressed as a signature on logos or  
> whatever ...)
> Note that I didn't say "cannot use", but "should not depend on",  
> protocol-wise or de-facto.
> Johannes Ernst
> NetMesh Inc.
> <lid.gif>
> _______________________________________________
> specs mailing list
> specs at

More information about the specs mailing list