> > 2. IANAL, but in the absence of any agreement between the
> Institution
> > and the OpenID OP, the Institution may be liable if the OpenID OP
> > screws things up at their end.
> >
> Surely it would be exactly the same as if a user's password
> was stolen whether through carelessness or through the use of
> the samne password on multiple sites. Doesn't the the burden
> of trust here lie on the user to keep their OpenID safe and
> to notify the university immediatley if there is a problem
> with their provider.
In the context of the UK federation, authentication of End Users 'is the
responsibility of the relevant End User Organisation' (Sec 7.3.1).
josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
|