On Thu, 2006-10-05 at 13:25 +1000, Chris Drake wrote:
> Hi Kevin,
> Sounds like you're leaning towards a root authority for IdPs who can
> audit procedures and verify protection in order to sign the IdP's
> keys?

Woah, slow down there.  I won't say this is completely crazy talk, but I
want to be careful about what words are put in my mouth.  ;)

The description that introduced a lot of people to OpenID was "a
decentralized identity system, but one that's actually decentralized and
doesn't entirely crumble if one company turns evil or goes out of

I think systems with root authorities are prone to crumbling if the root
authority turns evil or goes out of business.

Furthermore, the "it's easy to switch IdPs; it's easy to run your own
IdP" property is very important to OpenID.  This goes away if there's a
root authority you have to be audited/verified by before anyone will
talk to you.

There's my word of caution for now.  Gabe and Dick have both said some
good things about how to consider these issues now and going forward.

