<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.5450.4" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space">
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>Even
if we don't produce a white paper, we should at least produce enough insight
that others such as industry analysts can provide the white paper writing
services and blogging is a great way to make this happen. We should talk about
the following:</FONT></SPAN></DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>1. How
OpenID can benefit enterprises - enough on the consumerish stuff. Besides,
success should not be based on just amount of eyeballs but where the money
is.</FONT></SPAN></DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>2.
What would industry vertical approaches look like using user-centric approaches
- Yes we can be compatible with PKI but how about focusing on the "instead of"
scenarios</FONT></SPAN></DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>3. A
discussion on who is willing to pay - Stolen from Dick - I am of the belief that
consumers won't pay and therefore putting into business context is the only way
to make money. </FONT></SPAN></DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>4. If
businesses are willing to pay, then what do they require and how to they beneift
- anti-phishing, authorization, relationships, etc</FONT></SPAN></DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>5. How
should enterprise architecture teams start thinking about identity - it needs to
move away from just security folks talking about it in terms of protection
mechanisms towards something that becomes a business enabler</FONT></SPAN></DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=569221516-23012007><FONT face=Arial color=#0000ff size=2>If we
blog heavily on identity, relationships, authorization and attestation and the
analysts need some additional stimulus to publish on it, then I will pick up
expenses associated with making this happen as long as we do so quickly and in a
more aggressive manner.</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Johannes Ernst
[mailto:jernst+openid.net@netmesh.us]<BR><B>Sent:</B> Monday, January 22, 2007
3:19 PM<BR><B>To:</B> McGovern, James F (HTSC, IT)<BR><B>Cc:</B>
specs@openid.net<BR><B>Subject:</B> Re: Special Request: Client Certificates
vs. OpenID<BR><BR></FONT></DIV>So I've been doing some asking around who might
be interested in co-authoring some kind of white paper on the subject of
user-centric identity in/for the enterprise. There are some volunteers with a
variety of view points -- no guarantees that we'll manage to produce something
collaboratively (cross-vendor white papers tend to be hard) -- and we'll see
where that goes.
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>That only goes partially to your point, but it is a step.</DIV>
<DIV><BR class=khtml-block-placeholder>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV><BR>
<DIV>
<DIV>On Jan 22, 2007, at 9:08, McGovern, James F ((HTSC, IT)) wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<P><FONT face=Arial size=2>Last week I sent a note to the list inquiring
whether anyone on this list wanted to participate in our industry vertical
standards body in hopes of ratifying OpenID as an endorsed horizontal
specification. In terms of preparation, it would be greatly appreciated if
Dick Hardt, Johannes Ernst and other bloggers could from their blog discuss
user-centric identity as a potential solution to industry vertical concerns
since nothing neutral (produced by a vendor and not an insurance carrier)
exists in this regard.</FONT></P>
<P><FONT face=Arial size=2>Other industry verticals such as Pharmaceutical
have embraced PKI approaches where they issue client certificates to
participants. Many PKI vendors have in secret created user certificate
management issues, the inability to allow for roaming users, sharing of
desktops, and other concerns that I am of the belief that user-centric
approaches could handle. Of course PKI-centric and user-centric don't have
to be mutually exclusive but it would be wonderful if the blog entry
reflected how approaches such as SAFE (pharma) would have looked in a
user-centric world.</FONT></P><BR><FONT
size=3><BR><BR>*************************************************************************<BR>This
communication, including attachments, is<BR>for the exclusive use of
addressee and may contain proprietary,<BR>confidential and/or privileged
information. If you are not the intended<BR>recipient, any use, copying,
disclosure, dissemination or distribution is<BR>strictly prohibited. If you
are not the intended recipient, please notify<BR>the sender immediately by
return e-mail, delete this communication and<BR>destroy all
copies.<BR>*************************************************************************<BR></FONT>
<DIV
style="MARGIN: 0px">_______________________________________________</DIV>
<DIV style="MARGIN: 0px">specs mailing list</DIV>
<DIV style="MARGIN: 0px"><A
href="mailto:specs@openid.net">specs@openid.net</A></DIV>
<DIV style="MARGIN: 0px"><A
href="http://openid.net/mailman/listinfo/specs">http://openid.net/mailman/listinfo/specs</A></DIV></BLOCKQUOTE></DIV><BR></DIV></DIV></BLOCKQUOTE></BODY></HTML>