OASIS Mailing List Archives

 



orms message



Subject: Re: [orms] Use Case - OpenID RP Reputation in Trusted Exchange


Hi Nate,

I wrote my answers inline below.

Tatsuki Sakushima
NRI Pacific - Nomura Research Institute America, Inc.
TEL:(650)638-7258
SkypeIn:(650)209-4811

Nate Klingenstein wrote:
> Tatsuki,
> 
> Thank you for sharing this use case.  I have several questions about it.
> 
> 1)  Do you view the reputation of the OP as important, or only the 
> reputation of the RP?  If you don't care about the OP's reputation, why?

In general, we need reputation for both OP and RP.
In terms of the OpenID Trusted Exchange (TX) use case, we are focused on RP 
reputation, because OP holds important information and provides it to RP 
based on the user's agreement and the contract between OP and RP. In the TX 
process, RP has to present a contract template and declare how they 
are handling the user's information. Since OP provides the user's information to 
RP on behalf of the user, we think OP needs some means to validate 
the credibility of RP. Therefore we are interested in reputation services. 
We care about OP's reputation. But it is not required in our use case. 
For RPs to decide if OP is trustworthy to work with, we might need 
another reputation service. But this is currently out of scope in our spec.

> 2)  How do providers decide which reputation service to use and trust, 
> since anyone can set one up?

We are expecting that reputation services or realm organizers are likely 
to play the same role as SSL certificate providers for web sites. The 
difference from SSL providers is that OP's credibility is built on OP's 
history of behavior and evaluation from many RPs.

> 3)  What information about a provider can be communicated in the 
> reputation request/response messages?  Is it just a score?

In the current spec, the messages include a score and a public key of 
RP. The public key is only used for OP checking a signature in a 
contract template (a sort of proposal) presented by RP and OP encrypting 
the user's data passed to RP.

I hope I answered your questions.

Tatsuki

> 
> Take care,
> Nate.
> 
> On 11 Jun 2008, at 17:04, Tatsuki Sakushima wrote:
> 
>> Hello,
>>
>> Attached is another reputation use case around our OpenID
>> implementation. Nat has already introduced OpenID Trusted Exchange. I
>> extract only a reputation part out of it.
>>
>> However, the current implementation doesn't include reputation scoring.
>> This part is still missing and TBD.
>>
>> Tatsuki
>>
>> -- 
>> Tatsuki Sakushima
>> NRI Pacific - Nomura Research Institute America, Inc.
>> TEL:(650)638-7258
>> SkypeIn:(650)209-4811
>> <OpenID RP Reputation in Trusted Exchange.ppt>
> 

