Attestation

[McGovern, James F (HTSC, IT)]

The term attestation has a distinct legal meaning but within an IT
context may be used interchangably with the notion of certification or
periodic review. There are of course several levels of attestation. I
propose that minimally OpenID incorporate the first notion where someone
certifies you are who you say you are.

In an enterprise environment, a manager may attest that a particular
employee is still employed by them. In a user-centric world, if we could
have the ability to digitally "sign" either a managed-card (in an
enterprise setting) or across providers in a user setting along with
capturing transactional attributes such as when it was signed, how long
is this signature good for, the ability to revoke, etc we should be
covered.

Finally, an attestor should be able to choose from an enumeration of
relationships such as spouse, manager/employer, service
provider/customer, etc.

What would it take to change the OpenID XML to incorporate?


*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070405/87e5ebe3/attachment-0002.htm>