Hi Thomas,

The current thinking here is that OpenID is all about synchronous signatures. Which I happen to agree with. So we need to work within the framework.

Disclaimer: I am not an expert here, this is only my understanding. Anyone please correct me if I am wrong.

Thanks
Santosh

On Thu, Dec 10, 2009 at 9:00 PM, Thomas Hardjono <[email protected]> wrote:
> Hi folks,
>
> I'm jumping in late to this discussion (apologies).
>
> I was wondering if OpenID providers (or those wanting
> to be one) have plans to publish something equivalent
> to a PKI Certificate Practices Statement?
> Something like VeriSign's CPS statement:
> https://www.verisign.com/repository/cps/index.html
>
> Most folks that I've met either don't know about CPS docs or
> belittle it as something bureaucratic. But it's actually
> an all-important doc that Enterprise-CA customers
> of VeriSign take into serious consideration when
> signing-up for services.
>
> In the IdP/OpenID context, I'm finding it kind of
> difficult to imagine signing-up
> to an IdP without something equivalent.
> The approach of "just trust us since we already have
> your credit score and other financial information"
> will not fly (and may become the failure point for
> rolling out IdP/OpenID services). Especially with the
> ongoing loss of customer data by various
> organizations without much penalty.
>
> /thomas/
>
> _______________________________________________
> security mailing list
> [email protected]
> http://lists.openid.net/mailman/listinfo/openid-security
>

--
http://hi.im/santosh
