+1 That's why I'm putting my newfound free time into understanding AX2
and CX today. Are any other groups working on this?
--j
On Dec 18, 2009, at 3:54 PM, Dick Hardt wrote:
One of the my objectives with OpenID was that that OP was *only*
authoritative about the user's OpenID -- not anything else.
Other attributes would ideally be asserted by parties that are
already trusted to make those assertions. The OP would be the
clearing house for those verified attributes, but would not be the
authority. For example, I may get a claim from the government
binding my OpenID to my name and date of birth. I could then present
that claim along with my OpenID to an RP. If they trust the
government (or whichever entity generated the claim), then they have
"confidence" in my name and date of birth.
The binding of the attributes to an OpenID would be a verification
process done in a manner that RPs have trust.
Trust is a social issue, not a technical issue. I believe that
certifying OPs and developing yet-another-identity verification
process is much more effort than getting existing trusted
authorities to make claims. Existing authorities are already in the
business of being authorities, and already are trusted. I have
talked to numerous existing authorities that are interested in
making claims about users.
Unfortunately, OpenID has not yet standardized how to represent,
request or verify digital claims. Hopefully that is something we
work on sooner then later.
-Dick
-----Original Message-----
From: Chris Obdam [mailto:[email protected]] On Behalf Of Chris
Obdam
Sent: Friday, December 18, 2009 1:37 PM
To: Dick Hardt
Cc: Joseph Anthony Pasquale Holsten; [email protected]
Subject: Re: backchannel/endpoint URLs, desired attributes
We are still working on that. We are now enquiring the involved OP's
about their current verifying methods. We hope to create a public
inventory of methods out of that. We don't think that there will be a
'right way'
Cheers,
Chris Obdam
Stichting OpenID NL (Dutch OpenID foundation)
Op 18 dec 2009, om 22:27 heeft Dick Hardt het volgende geschreven:
I'd be interested to hear what "the right way" is for verifying
attributes.
-Dick
-----Original Message-----
From: [email protected] [mailto:openid-specs-
[email protected]] On Behalf Of Chris Obdam
Sent: Friday, December 18, 2009 1:13 PM
To: Joseph Anthony Pasquale Holsten
Cc: [email protected]
Subject: Re: backchannel/endpoint URLs, desired attributes
Joseph,
Over here in Holland (strange country..;-)) we are creating a group
of
certified OP's from who we check if the attributes are verified in
the
right way.
I know it's not that OPEN. But we don't see any other solution yet.
Cheers,
Chris Obdam
Stichting OpenID NL (Dutch OpenID foundation)
Op 18 dec 2009, om 13:08 heeft Joseph Anthony Pasquale Holsten het
volgende geschreven:
Peter Watkins supposedly wrote:
I'm responsible for a City government web site, so not large but
perhaps representative of a large set of potential RPs:
...
We'd love to get metadata about the attributes, too -- date on
which
the email address was verified, whether the OP vouches that the
avatar
is actually a picture of the individual, etc.
If I may pry, what do you plan to do with verified attributes? For
example, I intend for my self hosted OP to tell everyone that I
last
verified my email before I was born. I'm as interested in the user
interface implications as the security ones.
--
Joseph Holsten
http://josephholsten.com
mailto:[email protected]
tel:+1-918-948-6747
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
