Trust/threat model for OpenID
Dick Hardt
dick at sxip.com
Tue Aug 1 05:08:34 UTC 2006
Ben
In our implementations of a Homesite, we let the user select which
persona they want to be at a new site. One of those is an "anonymous"
persona that will have a unique URL for each site.
This lets the user decide on a site by site basis what is disclosed.
-- Dick
For those of you reading between the lines, Sxip is working on
supporting OpenID 2.0 now that providing an IdP is possible.
On 31-Jul-06, at 2:32 PM, Johannes Ernst wrote:
> Drummond is on travel, I think, so I'll take the liberty to respond
> to this ...
>
> What is and isn't the right default behavior on issues like this is
> rather hard to determine, unfortunately.
>
> For example, those of us with a background in privacy would argue
> that the default behavior MUST (as in uppercase-MUST) be separate
> identifiers per party. In fact, many are arguing that the whole
> idea of an identifier-based design (URLs, XRIs, any kind of
> identifier) is very wrong in the first place.
>
> On the other hand, we see dramatic market uptake of services like
> MySpace that are a correlator's and too-much-personal-information-
> readily-available dream (as opposed to a privacy advocate's).
> Closer to home, ClaimID and a number of other services wouldn't be
> in existence if they hadn't seen a need/desire by a substantial
> number of people to correlate more, rather than less, of their on-
> line identity. The first thing you do there is enter all your
> unique-identifiers-by-party and say they are all correlated.
>
> So I concur with Drummond: it needs to be a policy decision by the
> implementor. Some will cater to one market, some to the other.
> Specifications should work either way.
>
> Thanks,
>
>
> Johannes.
>
>
> On Jul 31, 2006, at 13:19, Ben Hyde wrote:
>
>> On Jul 31, 2006, at 1:15 PM, Drummond Reed wrote:
>>> As far as "the default behavior", that's not quite the
>>> right question:
>>
>> I beg to differ :-).
>>
>>> this is a feature that an OpenID IdP/i-broker either
>>> implements or not. If they've implemented it, a user can do
>>> anonymous login
>>> simply by using the identifier of their IdP/i-broker. So it's up
>>> to a user
>>> whether they want to be anonymous or not.
>>
>> Right, agreed, assuming somebody demonstrates that it's
>> implementable.
>>
>> But really, isn't that the wrong design?
>>
>> - ben
>
> Johannes Ernst
> NetMesh Inc.
>
> <lid.gif>
> http://netmesh.info/jernst
>
>
>
>
More information about the yadis
mailing list