Seamless site-to-site account creation and login via OpenID
Martin Atkins
mart at degeneration.co.uk
Tue Aug 29 10:04:56 UTC 2006
Drummond Reed wrote:
>
> The remaining issue is privacy. Site A reveals the identifier the user used
> with Site A to Site B. With OpenID 2.0, the user can have site-specific
> identifiers ("directed identity"). The whole idea of directed identity is
> that you don't have to reveal the same identifier to different sites, and
> yet you still get single sign-on and profile exchange.
>
There's little that you can do about that when dealing with colluding
sites anyway. Even if it's not written down in a spec, it's trivial for
one site to pass this information to another without the user's permission.
I think it's worthwhile writing down a spec for this if only so that
there'll be (hopefully) well-written and well-tested libraries that
everyone can use rather than everyone rolling their own. It doesn't need
to be part of OpenID at all, really; it can be built on top.