proposal: RP display
dick at sxip.com
Fri Sep 22 00:01:26 UTC 2006
It is optional, not required. I think we are already considering
requiring SSL for certain security levels per Hans suggestion to
increase the the certainty of the URL.
On 20-Sep-06, at 12:41 PM, Johannes Ernst wrote:
>> Dick's right that if high-assurance SSL certs that CardSpace is
>> planning to
>> use (see http://www.geotrusteurope.com/products/high-assurance-ssl/
>> get traction, OpenID IdPs should be able to take advantage of
>> them. But
>> there is no standard yet, and none have been issued, so any
>> solutions in the
>> OpenID 2.0 timeframe will need to use other methods.
> Am I the only one who'd think that a decentralized identity system
> should not depend on some central authority's validation of
> somebody's identity? (whether expressed as a signature on logos or
> whatever ...)
> Note that I didn't say "cannot use", but "should not depend on",
> protocol-wise or de-facto.
> Johannes Ernst
> NetMesh Inc.
> specs mailing list
> specs at openid.net
More information about the specs