Allowing all sites access

Martin Atkins mart at
Wed May 18 14:35:43 PDT 2005

Andrew Ducker wrote:
> I've been trying to work out a reason I wouldn't allow any site to 
> verify that is me - they 
> can't think to check that address unless I type it in, and if they do, 
> all it can check is that I'm also logged in as that user on that site.
> That being the case, will it be possible to state that I'd like to 
> authorise all sites to verify my identity, rather than authorise them 
> one at a time?

Oops. I guess I misinterpreted "site" as "identity server". I see what 
you mean now.

The only case where it's really harmful is where a random site wants to 
know "is Andrew viewing me?". Drama-like situations where you've had a 
falling out with someone and they want to know if you are reading their 
blog spring to mind. Other than that, there's not really any harm in it 
because the sites can only find out if a specific ID applies, not a list 
of all IDs that apply.

More information about the yadis mailing list