Hi folks, I'm jumping in late to this discussion (apologies).
I was wondering if OpenID providers (or those wanting to be one) have plans to publish something equivalent to a PKI Certificate Practices Statement? Something like VeriSign's CPS statement: https://www.verisign.com/repository/cps/index.html

Most folks that I've met either don't know about CPS docs or belittle it as something bureaucratic. But it's actually an all-important doc that Enterprise-CA customers of VeriSign take into serious consideration when signing up for services.

In the IdP/OpenID context, I'm finding it kind of difficult to imagine signing up to an IdP without something equivalent. The approach of "just trust us since we already have your credit score and other financial information" will not fly (and may become the failure point for rolling out IdP/OpenID services). Especially with the ongoing loss of customer data by various organizations without much penalty.

/thomas/
