This sounds like a very cool feature. Can we use the registry to store
these as a special media type? That way the registry itself can have this
notion .. given the registry is our basis of "socialness", that seems like
the right thing to me.
Thoughts?
(cc'ed reg-dev)
Sanjiva.
Prabath Siriwardena wrote:
The post [1] hints about the concept of social white listing as a
mechanism for avoiding spams and restricting access to a set of trusted
users, in a much scalable manner.
This concept can be further extended with our OpenID Provider and OpenID
relying party components.
With this, OpenID Provider will enable it's users to maintain (a) white
list(s) under their corresponding accounts.
A given white list contains a set of OpenIDs where the corresponding
user trusts.
A white list entry also can be either an OpenID [prabath.myopenid.com]
or a wild card entry [*.myopenid.com --> I trust all the users from
myopenid.com].
The user can add entries to the white list manually one by one or can be
imported from a file [e.g: [2] shares a set of white-listed OpenIDs].
OpenID Provider defines an attribute under the OpenID Attribute Exchange
to contain a white list of a given user [http://axschema.org/whitelist].
OpenID relying party components will enable the support;
1. To maintain a white list at the RP end
2. Request users' white list at the time they log in
3. Share the white list with the rest.
Flow
----
1. User registers him self with an OpenID Provider. [user gets an OpenID]
2. User logs into the OpenID Provider and populates his white list.
3. User visits RP web site and types his OpenID for login.
4. RP finds the given user is in it's white list [initially the RP admin
will populate it's white list with a set of trusted users]
5. User will be redirected to the OpenID Provider for the authentication
+ request to his white list
6. At OpenID Provider user authenticates successfully and approves the
request for the white list
7. User logs into the RP successfully and RP updates it's white list
Appreciate a lot your thoughts.
Thanks & regards.
- Prabath
[1]: http://simonwillison.net/2007/Jan/22/whitelisting/
[2]: http://simonwillison.net/comments/whitelist/
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
--
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
email: [EMAIL PROTECTED]; cell: +1 650 265 8311 | +94 77 787 6880
"Oxygenating the Web Service Platform."
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
