backchannel/endpoint URLs, desired attributes

Joseph Anthony Pasquale Holsten joseph at josephholsten.com
Sat Dec 19 00:45:27 UTC 2009 

+1 That's why I'm putting my newfound free time into understanding AX2  
and CX today. Are any other groups working on this?
--j

On Dec 18, 2009, at 3:54 PM, Dick Hardt wrote:

> One of the my objectives with OpenID was that that OP was *only*  
> authoritative about the user's OpenID -- not anything else.
>
> Other attributes would ideally be asserted by parties that are  
> already trusted to make those assertions. The OP would be the  
> clearing house for those verified attributes, but would not be the  
> authority. For example, I may get a claim from the government  
> binding my OpenID to my name and date of birth. I could then present  
> that claim along with my OpenID to an RP. If they trust the  
> government (or whichever entity generated the claim), then they have  
> "confidence" in my name and date of birth.
>
> The binding of the attributes to an OpenID would be a verification  
> process done in a manner that RPs have trust.
>
> Trust is a social issue, not a technical issue. I believe that  
> certifying OPs and developing yet-another-identity verification  
> process is much more effort than getting existing trusted  
> authorities to make claims. Existing authorities are already in the  
> business of being authorities, and already are trusted. I have  
> talked to numerous existing authorities that are interested in  
> making claims about users.
>
> Unfortunately, OpenID has not yet standardized how to represent,  
> request or verify digital claims. Hopefully that is something we  
> work on sooner then later.
>
> -Dick
>
>
>> -----Original Message-----
>> From: Chris Obdam [mailto:chris.obdam at gmail.com] On Behalf Of Chris
>> Obdam
>> Sent: Friday, December 18, 2009 1:37 PM
>> To: Dick Hardt
>> Cc: Joseph Anthony Pasquale Holsten; openid-specs at lists.openid.net
>> Subject: Re: backchannel/endpoint URLs, desired attributes
>>
>> We are still working on that. We are now enquiring the involved OP's
>> about their current verifying methods. We hope to create a public
>> inventory of methods out of that. We don't think that there will be a
>> 'right way'
>>
>> Cheers,
>>
>> Chris Obdam
>> Stichting OpenID NL (Dutch OpenID foundation)
>>
>> Op 18 dec 2009, om 22:27 heeft Dick Hardt het volgende geschreven:
>>
>>> I'd be interested to hear what "the right way" is for verifying
>> attributes.
>>>
>>> -Dick
>>>
>>>> -----Original Message-----
>>>> From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-
>>>> bounces at lists.openid.net] On Behalf Of Chris Obdam
>>>> Sent: Friday, December 18, 2009 1:13 PM
>>>> To: Joseph Anthony Pasquale Holsten
>>>> Cc: openid-specs at lists.openid.net
>>>> Subject: Re: backchannel/endpoint URLs, desired attributes
>>>>
>>>> Joseph,
>>>>
>>>> Over here in Holland (strange country..;-)) we are creating a group
>> of
>>>> certified OP's from who we check if the attributes are verified in
>> the
>>>> right way.
>>>> I know it's not that OPEN. But we don't see any other solution yet.
>>>>
>>>> Cheers,
>>>>
>>>> Chris Obdam
>>>> Stichting OpenID NL (Dutch OpenID foundation)
>>>>
>>>> Op 18 dec 2009, om 13:08 heeft Joseph Anthony Pasquale Holsten het
>>>> volgende geschreven:
>>>>
>>>>> Peter Watkins supposedly wrote:
>>>>>
>>>>>> I'm responsible for a City government web site, so not large but
>>>>>> perhaps representative of a large set of potential RPs:
>>>>> ...
>>>>>> We'd love to get metadata about the attributes, too -- date on
>> which
>>>>>> the email address was verified, whether the OP vouches that the
>>>> avatar
>>>>>> is actually a picture of the individual, etc.
>>>>>
>>>>> If I may pry, what do you plan to do with verified attributes? For
>>>> example, I intend for my self hosted OP to tell everyone that I  
>>>> last
>>>> verified my email before I was born. I'm as interested in the user
>>>> interface implications as the security ones.
>>>>>
>>>>> --
>>>>> Joseph Holsten
>>>>> http://josephholsten.com
>>>>> mailto:joseph at josephholsten.com
>>>>> tel:+1-918-948-6747
>>>>>
>>>>> _______________________________________________
>>>>> specs mailing list
>>>>> specs at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs
>>>>
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs
>>>
>>
>

More information about the specs mailing list