Security/identity · 2007-06-22

OpenID non-assertion covenant news

David Recordon reports that VeriSign has issued a non-assertion covenant on OpenID that’s very similar to Sun’s model. This is very healthy for the OpenID developer community! I hope to see more such announcements from other players.

I see that the VeriSign language is more restrictive in one important way: it promises not to assert “claims necessary for the implementation” of OpenID. I discussed this a bit when Sun announced its covenant, and Simon Phipps went into more detail (look for his “essential claims” commentary). That said, this is definitely progress…