Some suggestions about Open Id AX profile

[SitG Admin]

>In Openid attributes are alegated, so you don't have to trust the OP 
>because there's nothing to trust on. Dealing with certified 
>attributes create a problem : how could I, as a relying party, know 
>that this OP works fine and if it says "level 4" all criteria to 
>consider were done the right way.

You can't. But you have the right idea:

>Our proposal, in the same way as PAPE, the Relying Party does not 
>need to trust the OP. The User is the one that needs to trust the 
>OP. If problems arises with certain OP, then relying parties could 
>choose to use some OP and exclude others with mechanisms like 
>white/black lists.

The user needs to trust the OP that the *other* user (the one they 
have a contract with) is using; so, share that information, and 
displace the responsibility for distrusting various claims onto the 
user. This isn't very *friendly*, mind you, but I don't see any way 
of preventing a user from setting up an absolutely new OP just for 
that one contract; with a valuable enough contract at stake, it would 
even be cost-effective to rig one's own "independent auditors".

You might be able to score OP's locally, by "how many other contracts 
have trusted this OP", but then (to prevent gaming the system) there 
should be other statistics such as how long the OP has been in use, 
how often a contract has required "use another OP" during 
renegotiation, how often negotiations have *failed* entirely because 
one party refused to use another OP, the demographic spread of these 
uses over time, and maybe even the values of those contracts (for 
low-value contracts, there might not have been as much scrutiny over 
the trustworthiness of OP's), most or all of which raises user 
privacy issues. The last item raises verifiability issues; how do you 
*know* the value of the contracts are as reported?

-Shade