> From: Dan Connolly [mailto:[EMAIL PROTECTED]
> Yes... it's clear to me how I can use an OpenID persona in > the bloggy wiki world, but I also want to use it for calendar > synchronization, banking and bill paying and getting credit > card statements... > maybe even with OFX and quicken. I can't seem to work that > out in my head. OK lets look at what is reachable. Blogs, Wikis - More than sufficient today. HR related extranet - Probably acceptable, need security analysis Purchasing extranet - Possibly with many constraints Frequent flyer - Some issues to consider Online banking - Faces major issues of liability > Is this a case of "doctor, doctor, it hurts when I do that; so don't"? > Or does anybody expect that it will, in fact, scale up? Any > pointers to reading material would be appreciated. I think it can be made to scale up, the question is having to do the application specific security analysis for each case. This is not about the protocol security, phishing has proved that security of the application is not just about transport security. We need to do a security review for each application. In the bloggy, wiki world the value of the ability to make comments is clearly greater than zero but I have a hard time seeing much of a motivation. In the banking application we are going up against criminal gangs currently making up to $50 million per year. _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
