Seamless site-to-site account creation and login via OpenID

Martin Atkins mart at degeneration.co.uk
Tue Aug 29 10:04:56 UTC 2006


Drummond Reed wrote:
> 
> The remaining issue is privacy. Site A reveals the identifier the user used
> with Site A to Site B. With OpenID 2.0, the user can have site-specific
> identifiers ("directed identity"). The whole idea of directed identity is
> that you don't have to reveal the same identifier to different sites, and
> yet you still get single sign-on and profile exchange.
> 

There's little that you can do about that when dealing with colluding 
sites anyway. Even if it's not written down in a spec, it's trivial for 
one site to pass this information to another without the user's permission.

I think it's worthwhile writing down a spec for this if only so that 
there'll be (hopefully) well-written and well-tested libraries that 
everyone can use rather than everyone rolling their own. It doesn't need 
to be part of OpenID at all, really; it can be built on top.
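
An added example, not part of the original message or of any OpenID library: a sketch of the "directed identity" idea quoted above, where the provider hands each site a different identifier so that two sites cannot match users by comparing what they received. The HMAC derivation, `OP_BASE`, `OP_SECRET` and the site URLs are assumptions made for illustration; OpenID 2.0 does not prescribe how a provider generates these identifiers.

```python
import hashlib
import hmac

OP_BASE = "https://op.example/id/"        # constructed provider URL (assumption)
OP_SECRET = b"constructed-demo-secret"    # constructed; a real provider keeps this private


def directed_identifier(local_user: str, realm: str, secret: bytes = OP_SECRET) -> str:
    """Per-site pseudonym: HMAC-SHA256(secret, realm || 0x00 || user), truncated hex."""
    msg = realm.encode() + b"\x00" + local_user.encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]
    return OP_BASE + tag


def global_identifier(local_user: str) -> str:
    """The same identifier presented to every site."""
    return OP_BASE + local_user


def shared_identifiers(site_a_ids, site_b_ids):
    """What two sites learn by comparing the identifiers each one received."""
    return sorted(set(site_a_ids) & set(site_b_ids))


def demo():
    users = ["alice", "bob"]                      # constructed sample accounts
    realm_a = "https://site-a.example/"           # constructed relying parties
    realm_b = "https://site-b.example/"
    same = shared_identifiers([global_identifier(u) for u in users],
                              [global_identifier(u) for u in users])
    directed = shared_identifiers([directed_identifier(u, realm_a) for u in users],
                                  [directed_identifier(u, realm_b) for u in users])
    return same, directed


if __name__ == "__main__":
    same, directed = demo()
    print("overlap with one identifier everywhere:", same)
    print("overlap with directed identifiers:", directed)
```

This only removes the identifier as a join key; as the reply above notes, it does nothing once one site passes the identifier it received to another.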


