[OpenID] persistent, non-recycleable identifiers
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Dec 1 23:06:20 UTC 2009
>Who is authoritative for a Subject will depend on the trust model.
>In the common case it would be based on whoever controls the
>signing/SSL certificate for the domain name in the URL.
It would be excellent if the common OpenID libraries could exceed
modern browsers' security model, in this respect; the root CAs are a
group from within which individual members may act in effective
anonymity. Being able to discriminate between different CAs would
also lower the bar to alternatives like self-signed certificates (or
someone using their own CA).
-Shade