LoA 2 also involves identity proofing and many OPs does not satisfy it, even if it can satisfy the technical portion. <div><br></div><div>Banks etc. on the other hand, will be able to satisfy it, and in my experience, they are looking at it as an opportunity, at least in Japan. </div>
<div><br></div><div>So, it can be regarded as a new market opener than evolution of the current OPs. </div><div><br></div><div>=nat</div><div><br><div class="gmail_quote">On Fri, Aug 14, 2009 at 2:58 AM, Brian Kissel <span dir="ltr"><<a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div>
<p><span style="font-size:11.0pt;color:#1F497D">John, that’s a very good question.</span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span style="font-size:11.0pt;color:#1F497D">For the OPs on the list, how many of you envision evolving your services
to LoA 2 if a clear path could be developed and agreed to? </span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span style="font-size:11.0pt;color:#1F497D">We should certainly not constrain ourselves to what current OPs
intend to support, but we should also be pragmatic about the rate at which we
evolve the technology cognizant of whether and when any OPs would commit to making
the necessary changes to support the upgrade.</span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<p><span style="font-size:11.0pt;color:navy">Looking forward to feedback from others.</span></p>
<p><span style="font-size:11.0pt;color:navy"><br>
Brian</span></p>
<p><b><span style="font-size:11.0pt;color:navy">___________</span></b><span style="font-size:11.0pt;color:navy"></span></p>
<p><b><span style="font-size:11.0pt;color:#1F497D"> </span></b></p>
<p><b><span style="font-size:11.0pt;color:navy"><a href="http://www.linkedin.com/pub/0/10/254" target="_blank">Brian Kissel</a></span></b><span style="font-size:11.0pt;color:#1F497D"></span></p>
<p><b><span style="font-size:11.0pt;color:navy">CEO, JanRain - </span></b><b><i><span style="font-size:11.0pt;color:#333399">OpenID-enable your websites,
customers, partners, and employees</span></i></b><span style="font-size:11.0pt;color:navy"></span></p>
<p><span style="font-size:11.0pt;color:navy">5331 SW Macadam Ave., Suite 375, Portland, OR 97239</span></p>
<p><b><span style="font-size:11.0pt;color:navy">Email</span></b><span style="font-size:11.0pt;color:navy">: <a href="mailto:bkissel@janrain.com" target="_blank"><span style="color:navy">bkissel@janrain.com</span></a>
<b>Cell</b>: 503.866.4424 <b>Fax</b>: 503.296.5502</span></p>
</div>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt"> <a href="mailto:openid-specs-bounces@lists.openid.net" target="_blank">openid-specs-bounces@lists.openid.net</a>
[mailto:<a href="mailto:openid-specs-bounces@lists.openid.net" target="_blank">openid-specs-bounces@lists.openid.net</a>] <b>On Behalf Of </b>John Bradley<br>
<b>Sent:</b> Thursday, August 13, 2009 10:00 AM<br>
<b>To:</b> Chris Messina<br>
<b>Cc:</b> <a href="mailto:openid-specs@lists.openid.net" target="_blank">openid-specs@lists.openid.net</a><br>
<b>Subject:</b> Re: specs Digest, Vol 36, Issue 1</span></p>
</div>
</div><div><div></div><div class="h5">
<p> </p>
<p>Chris</p>
<div>
<p> </p>
</div>
<div>
<p>I think we are agreeing. OpenID needs to play to it's
strengths. Chasing shiny things is tempting.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>We need to carefully consider the impact of changes. </p>
</div>
<div>
<p> </p>
</div>
<div>
<p>That is not to say that openID shouldn't evolve. </p>
</div>
<div>
<p> </p>
</div>
<div>
<p>There are always tradeoffs. </p>
</div>
<div>
<p> </p>
</div>
<div>
<p>Remember that a GSA LoA 2 or 3 profile is focused on the Gov
accepting the assertions for specific uses.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>Other people are free to make there own determinations for
other use cases.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>I am interested in finding out if IdP really want to be
certified at LoA 2 with all of the extra identity
proofing, liability and other things that go with that.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>A LoA 2 certification for a IdP involves a lot more than
just tweaking some protocol peaces.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>Are there OPs that want that?</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>John B.</p>
<div>
<div>
<p>On 13-Aug-09, at 9:11 AM, Chris Messina wrote:</p>
</div>
<p><br>
<br>
</p>
<p>On Thu, Aug 13, 2009 at 8:34 AM, John Bradley <<a href="mailto:jbradley@mac.com" target="_blank">jbradley@mac.com</a>> wrote:</p>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p>Some may ask if we add artifact binding, signatures and
encryption are we not reinventing SAML Web SSO, or something of equal
complexity?</p>
</blockquote>
</div>
<p><br>
I would like to know more about this, but my instinct is always to say
"NO" for as long as possible when any new feature will a) introduce
complexity and b) stifle or impair potential adoption.</p>
<div>
<p> </p>
</div>
<div>
<p>That we've come as far as we have is a feat; maintaining
that momentum is critical — and that means making good on the promise of what
OpenID offers *today* — and only extending it with real world examples where
people are implementing kludges (en masse) to serve a common need.<br clear="all">
</p>
</div>
<div>
<p>Chris</p>
</div>
<div>
<p><br>
-- <br>
Chris Messina<br>
Open Web Advocate<br>
<br>
Personal: <a href="http://factoryjoe.com" target="_blank">http://factoryjoe.com</a><br>
Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br>
<br>
Citizen Agency: <a href="http://citizenagency.com" target="_blank">http://citizenagency.com</a><br>
Diso Project: <a href="http://diso-project.org" target="_blank">http://diso-project.org</a><br>
OpenID Foundation: <a href="http://openid.net" target="_blank">http://openid.net</a><br>
<br>
This email is: [ ] bloggable [X] ask first [ ]
private</p>
</div>
</div>
<p> </p>
</div>
</div></div><p><br>
<br>
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4330 (20090812) __________<br>
<br>
The message was checked by ESET NOD32 Antivirus.<br>
<br>
<a href="http://www.eset.com" target="_blank">http://www.eset.com</a><br>
<br>
<br>
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4332 (20090813) __________<br>
<br>
The message was checked by ESET NOD32 Antivirus.<br>
<br>
<a href="http://www.eset.com" target="_blank">http://www.eset.com</a></p>
</div>
</div>
<br>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>
</div>