RE: [dix] Re: Dix & OpenId?

"Hallam-Baker, Phillip" <pbaker@verisign.com> Wed, 09 August 2006 16:27 UTC

Subject: RE: [dix] Re: Dix & OpenId?
Date: Wed, 09 Aug 2006 09:27:48 -0700
Message-ID: <198A730C2044DE4A96749D13E167AD37C66C91@MOU1WNEXMB04.vcorp.ad.vrsn.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: Digital Identity Exchange <dix@ietf.org>

> From: Dan Connolly [mailto:connolly@w3.org] 

 
> Yes... it's clear to me how I can use an OpenID persona in 
> the bloggy wiki world, but I also want to use it for calendar 
> synchronization, banking and bill paying and getting credit 
> card statements...
> maybe even with OFX and quicken. I can't seem to work that 
> out in my head.

OK, let's look at what is reachable.

Blogs, Wikis          - More than sufficient today.
HR related extranet   - Probably acceptable, need security analysis
Purchasing extranet   - Possibly with many constraints
Frequent flyer        - Some issues to consider
Online banking        - Faces major issues of liability


> Is this a case of "doctor, doctor, it hurts when I do that; so don't"?
> Or does anybody expect that it will, in fact, scale up? Any 
> pointers to reading material would be appreciated.

I think it can be made to scale up; the question is having to do the application-specific security analysis for each case. This is not about the protocol security; phishing has proved that security of the application is not just about transport security. We need to do a security review for each application.

In the bloggy, wiki world the value of the ability to make comments is clearly greater than zero but I have a hard time seeing much of a motivation. In the banking application we are going up against criminal gangs currently making up to $50 million per year.
