On 2009-12-18, at 2:48 PM, Breno de Medeiros wrote:

Dick,


On Fri, Dec 18, 2009 at 1:54 PM, Dick Hardt <[email protected]> wrote:
One of my objectives with OpenID was that the OP was *only* authoritative 
about the user's OpenID -- not anything else.

Other attributes would ideally be asserted by parties that are already trusted 
to make those assertions. The OP would be the clearing house for those verified 
attributes, but would not be the authority. For example, I may get a claim from 
the government binding my OpenID to my name and date of birth. I could then 
present that claim along with my OpenID to an RP. If they trust the government 
(or whichever entity generated the claim), then they have "confidence" in my 
name and date of birth.


I think few would dispute that if we had the techniques and tools and library 
support to make this work well and widely, it would be A Good Thing.

The devil is in the details. We would need to spec how to make and sign such 
claims, how to find out who is authoritative for a particular type of claim, 
have key management and revocation for claim issuers, etc.

There is an increasing recognition of the value in tackling this. But so far I 
have not heard enough in the OIDF mailing lists to sense the level of 
commitment that would be necessary to push such work through.
The European Union has been sponsoring an effort to build such an 
infrastructure, but it's not clear at this point if/when it will be available 
or if it will be suitable for the consumer web ecosystem at all.

Agreed, there is much work to do. Perhaps a number of us will find time to work on it 
in 2010? :-)

-- Dick
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
