proposal: RP display

Dick Hardt dick at sxip.com
Fri Sep 22 00:01:26 UTC 2006


It is optional, not required. I think we are already considering  
requiring SSL for certain security levels per Hans suggestion to  
increase the the certainty of the URL.

-- Dick

On 20-Sep-06, at 12:41 PM, Johannes Ernst wrote:

>> Dick's right that if high-assurance SSL certs that CardSpace is  
>> planning to
>> use (see http://www.geotrusteurope.com/products/high-assurance-ssl/ 
>> faq.asp)
>> get traction, OpenID IdPs should be able to take advantage of  
>> them. But
>> there is no standard yet, and none have been issued, so any  
>> solutions in the
>> OpenID 2.0 timeframe will need to use other methods.
>
> Am I the only one who'd think that a decentralized identity system  
> should not depend on some central authority's validation of  
> somebody's identity? (whether expressed as a signature on logos or  
> whatever ...)
>
> Note that I didn't say "cannot use", but "should not depend on",  
> protocol-wise or de-facto.
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
> <lid.gif>
>  http://netmesh.info/jernst
>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs




More information about the specs mailing list