One of my objectives with OpenID was that the OP was *only* authoritative 
about the user's OpenID -- not anything else.

Other attributes would ideally be asserted by parties that are already trusted 
to make those assertions. The OP would be the clearing house for those verified 
attributes, but would not be the authority. For example, I may get a claim from 
the government binding my OpenID to my name and date of birth. I could then 
present that claim along with my OpenID to an RP. If they trust the government 
(or whichever entity generated the claim), then they have "confidence" in my 
name and date of birth. 

The binding of the attributes to an OpenID would be a verification process done 
in a manner that RPs have trust.

Trust is a social issue, not a technical issue. I believe that certifying OPs 
and developing yet-another-identity verification process is much more effort 
than getting existing trusted authorities to make claims. Existing authorities 
are already in the business of being authorities, and already are trusted. I 
have talked to numerous existing authorities that are interested in making 
claims about users.

Unfortunately, OpenID has not yet standardized how to represent, request or 
verify digital claims. Hopefully that is something we work on sooner than later.

-Dick


> -----Original Message-----
> From: Chris Obdam [mailto:[email protected]] On Behalf Of Chris
> Obdam
> Sent: Friday, December 18, 2009 1:37 PM
> To: Dick Hardt
> Cc: Joseph Anthony Pasquale Holsten; [email protected]
> Subject: Re: backchannel/endpoint URLs, desired attributes
> 
> We are still working on that. We are now enquiring the involved OP's
> about their current verifying methods. We hope to create a public
> inventory of methods out of that. We don't think that there will be a
> 'right way'
> 
> Cheers,
> 
> Chris Obdam
> Stichting OpenID NL (Dutch OpenID foundation)
> 
> On 18 Dec 2009, at 22:27, Dick Hardt wrote:
> 
> > I'd be interested to hear what "the right way" is for verifying
> attributes.
> >
> > -Dick
> >
> >> -----Original Message-----
> >> From: [email protected] [mailto:openid-specs-
> >> [email protected]] On Behalf Of Chris Obdam
> >> Sent: Friday, December 18, 2009 1:13 PM
> >> To: Joseph Anthony Pasquale Holsten
> >> Cc: [email protected]
> >> Subject: Re: backchannel/endpoint URLs, desired attributes
> >>
> >> Joseph,
> >>
> >> Over here in Holland (strange country..;-)) we are creating a group
> of
> >> certified OP's from who we check if the attributes are verified in
> the
> >> right way.
> >> I know it's not that OPEN. But we don't see any other solution yet.
> >>
> >> Cheers,
> >>
> >> Chris Obdam
> >> Stichting OpenID NL (Dutch OpenID foundation)
> >>
> >> On 18 Dec 2009, at 13:08, Joseph Anthony Pasquale Holsten wrote:
> >>
> >>> Peter Watkins supposedly wrote:
> >>>
> >>>> I'm responsible for a City government web site, so not large but
> >>>> perhaps representative of a large set of potential RPs:
> >>> ...
> >>>> We'd love to get metadata about the attributes, too -- date on
> which
> >>>> the email address was verified, whether the OP vouches that the
> >> avatar
> >>>> is actually a picture of the individual, etc.
> >>>
> >>> If I may pry, what do you plan to do with verified attributes? For
> >> example, I intend for my self hosted OP to tell everyone that I last
> >> verified my email before I was born. I'm as interested in the user
> >> interface implications as the security ones.
> >>>
> >>> --
> >>> Joseph Holsten
> >>> http://josephholsten.com
> >>> mailto:[email protected]
> >>> tel:+1-918-948-6747
> >>>
> >>> _______________________________________________
> >>> specs mailing list
> >>> [email protected]
> >>> http://lists.openid.net/mailman/listinfo/openid-specs
> >>
> >
> 
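
An added example, not part of the thread: one way an RP could check a third-party claim bound to an OpenID, as the top message describes. The claim layout, field names, issuer URLs and Ed25519 keys are all assumptions constructed for illustration, since no claim format is standardized for OpenID.

```javascript
// Added illustration: claim layout, field names and URLs are hypothetical, not an OpenID format.
const crypto = require('crypto');

// Canonical bytes covered by the issuer's signature: issuer, subject OpenID, sorted attributes.
function claimBytes(c) {
  const attrs = Object.keys(c.attributes).sort().map((k) => [k, c.attributes[k]]);
  return Buffer.from(JSON.stringify([c.issuer, c.subject, attrs]));
}

// Issuer side: an authority binds attributes to one OpenID and signs the binding.
function issueClaim(issuer, privateKey, subject, attributes) {
  const claim = { issuer, subject, attributes };
  claim.signature = crypto.sign(null, claimBytes(claim), privateKey).toString('base64');
  return claim;
}

// RP side: the OP has only proven control of authenticatedOpenId; everything else
// rests on the claim's issuer being one this RP already trusts.
function verifyClaim(claim, authenticatedOpenId, trustedIssuers) {
  if (claim.subject !== authenticatedOpenId) return { ok: false, reason: 'subject-mismatch' };
  const issuerKey = trustedIssuers.get(claim.issuer);
  if (!issuerKey) return { ok: false, reason: 'untrusted-issuer' };
  const sig = Buffer.from(claim.signature, 'base64');
  if (!crypto.verify(null, claimBytes(claim), issuerKey, sig)) return { ok: false, reason: 'bad-signature' };
  return { ok: true, attributes: claim.attributes };
}

// Constructed sample data: Ed25519 keys for a stand-in authority and a self-hosted OP.
const gov = crypto.generateKeyPairSync('ed25519');
const selfHosted = crypto.generateKeyPairSync('ed25519');
const OPENID = 'https://alice.example.org/';
const TRUSTED = new Map([['https://gov.example/', gov.publicKey]]);

const good = issueClaim('https://gov.example/', gov.privateKey, OPENID,
  { name: 'Alice Example', birthdate: '1980-01-01' });
const selfAsserted = issueClaim(OPENID, selfHosted.privateKey, OPENID, { email_verified: '1970-01-01' });
const altered = { ...good, attributes: { ...good.attributes, birthdate: '2000-01-01' } };

// Runs the four cases: valid claim, claim replayed for another OpenID,
// claim signed by the user's own OP, and a claim whose attributes were changed.
function demo() {
  return [
    verifyClaim(good, OPENID, TRUSTED),
    verifyClaim(good, 'https://bob.example.org/', TRUSTED),
    verifyClaim(selfAsserted, OPENID, TRUSTED),
    verifyClaim(altered, OPENID, TRUSTED),
  ].map((r) => (r.ok ? 'accepted' : r.reason));
}

console.log(demo());
```

The self-asserted case corresponds to the self-hosted OP mentioned lower in the thread: its signature is valid, but the RP has no reason to trust that issuer for the attribute.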
