LJ munging OpenID comments?
Kurt Raschke
kurt at raschke.net
Tue Sep 20 13:21:27 PDT 2005
On Sep 20, 2005, at 1:07 PM, Zefiro wrote:
> Please DO see the difference between 'not anonymous' and 'not spam'.
All right, all right. So if OpenID is the "not anonymous", then
where's the "not spam" part? Do we build a web-of-trust system on
top of OpenID, or what?
Or do I just send off my credit history and a DNA sample to LiveJournal?
> It's completely ok if LJ chooses to handle other identification
> methods differetly than their own users (who are bound to their
> terms, they have some date, captcha, etc). But it is not ok to keep
> insisting that OpenID users are anonymous users. Repeating
> the sentence about trust doesn't change anything, as this OpenID !=
> anonymous does say nothing about trust, and the spec
> explicitely stating that it says nothing about trust does not
> confirm in any way that OpenID is anonymous. After all, this is
> the whole (and only) point in OpenID.
Okay, so OpenID users are not anonymous. But, as I've said before,
there's a step missing--if LJ binds their own users to a TOS,
collects data, etc., then why not do that same process the first time
a given OpenID identity tries to authenticate?
To put it another way:
Look at the OpenID wiki, then look at Wikipedia. Both use accounts
to identify users, but one uses OpenID to actually perform that
identification, and one uses an email address and password. But
there's still an account being created, no matter how you look at
it. And if an account is being created, then there's an opportunity
to show a TOS, or demand more information, or whatever. Of course,
if you're demanding more information from a user, then that opens the
door to automation through some type of profile-exchange mechanism on
top of OpenID.
-Kurt
More information about the yadis
mailing list