I'm unable to parse this statement.
As noted in the OpenID Connect intro, define "identity" so that everyone can agree on the same definition. Until then, expect to misunderstand unless you are prepared to interpret loosely - i.e., anticipate that you will be seeing different uses of the term and DEAL with it by actively looking for what makes more sense whenever it doesn't make perfect sense already.
As with many other aspects of OpenID, it appears that supposition substitutes for fact. Oh, let's casually mention some difficult problems / controversial solutions and hope that those discourage argument. I am sorry, but for me, merely invoking the Trusted Computing Group is not an argument.
Tough then, because it wasn't MEANT to be. I assume the intelligence of the people on this list to be such that, if I merely *refer to* a given area, they can remember (or research) the area in question, bringing in the surrounding arguments as additional matters of consideration. Oh, sure, I *could* spend a lot more time explicating everything in all its exhaustive detail, but since that would mean insulting their intelligence and catering to the lowest denominator, I prefer to elaborate as called upon to do so.
If you want to have a serious discussion, ask me a question, don't just try to establish strawmen (of the debate variety). If you want to see the worst in OpenID, which your attitude reveals an inclination to do, you will continue to perceive (the "appearances" of) supposition substituting for fact, and any other uncharitable interpretation your mind can come up with. If you continue to do so, I'll respond exactly as I have in the past when such individuals intrude upon constructive situations: flip them the bird and walk away.
For the purposes of OpenID there are two points at which we might use PKI as an authentication technology, if we have [email protected] we can assign a public key to Fred or we can assign the key to the domain
The first is beyond our means to have all current users adopt. Also, my understanding of Santosh's proposal was that asymmetric crypto be *mandated* by the OpenID spec; at that point, it would no longer be an optional feature of some OP's. Furthermore, the assertion would still be signed by the *OP*, which doesn't provide identity (as I define it), because OpenID hasn't provided that in the first place (it only provides a method of *trust* for the OP, and RP's must assume "identity" associated with a URI).
-Shade

_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
