trust root sanity
Brian Ellin
brian at janrain.com
Tue Jun 21 17:56:26 PDT 2005
Hello Open Id Folks,
I'm writing some trust root code, and reading from the version 0 spec:
"You can try to pass things like http://*.com/ or http://*.co.uk/, but
any respectable identity server will protect their users from that."
So what exactly is a sane trust root? Is there any reasonable way of
determining trust root sanity, and at what point do we leave it in the
user's hands?
For example is the large umbrella of http://*.k12.va.us/ sane?
What about just private schools in va: http://*.pvt.k12.va.us/ ?
In my opinion, neither of the above examples are sane, but how could the
server possibly know?
Thanks,
Brian Ellin
More information about the yadis
mailing list