Under the trust frameworks being developed by the OIDF for US ICAM and others,
there would be something similar to a CPS for OpenID providers who have been
certified against a profile.

John B.

On 2009-12-10, at 10:30 AM, Thomas Hardjono wrote:

> Hi folks,
> 
> I'm jumping in late to this discussion (apologies).
> 
> I was wondering if OpenID providers (or those wanting
> to be one) have plans to publish something equivalent
> to a PKI Certificate Practices Statement?
> Something like VeriSign's CPS statement:
> https://www.verisign.com/repository/cps/index.html
> 
> Most folks that I've met either don't know about CPS docs or
> belittle it as something bureaucratic. But it's actually
> an all-important doc that Enterprise-CA customers
> of VeriSign take into serious consideration when
> signing-up for services.
> 
> In the Idp/OpenID context, I'm finding it kind of
> difficult to imagine signing-up
> to an IdP without something equivalent.
> The approach of "just trust us since we already have
> your credit score and other financial information"
> will not fly (and may become the failure point for
> rolling out IdP/OpenID services). Especially with the
> ongoing loss of customer data by various
> organizations without much penalty.
> 
> /thomas/
> 
> _______________________________________________
> security mailing list
> [email protected]
> http://lists.openid.net/mailman/listinfo/openid-security
