Trust/threat model for OpenID

Roland Sassen sassen at
Wed Aug 2 19:43:10 UTC 2006

Hello Dan, a solution for your bike-ride organization could be to use
HEARTBEAT-ID numbers.
Such a number is obtained by an organization, for example <>

or by a person, for example <>

At the site, people who want to make a
registration and people who like to be a volunteer can make their
registration, as usual, or they just give in here their personal
heartbeat-id number. The (up to date) information about the person will
then be obtained from their personal heartbeat-id web-site. When some
personal information is changed, the people themselves change this on
their heartbeat-id site.

James and Jim with a common last name now have a unique heartbeat-id number!

"what time various individuals passed through each of several different
checkpoints"
People could have their heartbeat-id number on their shirt. A camera and 
a computer will do the rest.
In some time we will be able to scan their real unique heartbeats, no 
number on a shirt needed anymore.

"If I send them mail, to whom do I address it?"
To change the information on their heartbeat-id sites, people will be
able to log in with their i-name.
This is a (I think very good) suggestion of =victor.grey.
For this to be possible we will implement OpenID and an i-names connector.

On their side, people can put the email address of their choice,
preferably their i-name.
Also they can tell if they belong to some clubs, have some memberships etc.

"And when I get it wrong people notice, and comment. "
In this way you cannot do much wrong, every person is responsible for
her or his own contact information.


Dan Lyke wrote:
> On Tue, 01 Aug 2006 13:40:37 -0700, Dan Lyke wrote:
>> As a potential user I'm much more interested in building a consistent 
>> identity between sites than in building a bunch of little Balkanized 
>> identities. That's one of the reasons that YADIS/LID/OpenID excite me 
>> so much, they're the opportunity for me to have a finite number of 
>> online identities.
> Oh, I should also add...
> I'm currently co-volunteer coordinator for an organized bike ride (The 
> Marin Century/Mt Tam Double). This coming weekend we're expecting 
> somewhere on the order of 2,200 people to descend on us, and we have 
> to make sure that those people have a safe route (six of them, 
> actually, from 31 to 200 miles), a large variety of foods, adequate 
> water, emergency and support services, a cheerleading section, and, 
> for about 250 of them, we need to verify to the California Triple 
> Crown organization at what time various individuals passed through 
> each of several different checkpoints. This is not an easy task. Even 
> the subset which is making sure that each of the stations to serve 
> these folks has enough warm bodies isn't an easy task.
> The levels to which we're going? Next year we're looking at RFID tags 
> in bibs and gates at rest stops to track individual riders (ie: when 
> can we close a rest stop? is it likely that someone's off course or 
> having problems? even when is the next big group going to hit this 
> rest stop so we can cut up fruit and have it fairly fresh?). This 
> year, several of our sag vehicles will have transponders that'll 
> transmit their position back to a big projected map at headquarters, 
> in an area with no cell phone coverage.
> To coordinate the hordes of people necessary to put this on I have to 
> convince well off residents of one of the richest regions in the 
> country that they'd really enjoy spending a day in the hot sun doing 
> the sort of counter-service work that their high school kids normally 
> get paid $10/hr to do; thus I need to show each person that I contact 
> that I care about *them*, that I want them to be a part of our team, 
> because this isn't about serving food and doing menial labor, this is 
> about building community, meeting cool people, and having *fun* (damn 
> it!). I'm looking at our membership roster, I'm going through our 
> volunteer list from last year, and I'm tapping three different other 
> organizations, each of which has overlapping membership with ours, and 
> there are a few others that are taking care of their own organization 
> but that have overlapping membership. This is making me *very* 
> conscious of issues in identity.
> Are James and Jim with a common last name the same person? Bob Smith 
> is signed up as a "family" member, is Nancy Smith his wife? George 
> Smith their son? Do we contact them three times, or one? The phone 
> number we have for the two entries is different, is one a cell phone 
> and one a home phone? George and Martha have the same email address, 
> is that a transcription error, or do they live together and share an 
> email address? If I send them mail, to whom do I address it? In at
> least one place that's an outdated entry and those people have gotten 
> divorced, so mis-addressing them is going to at the very least lose me 
> a volunteer.
> Dealing with these very real world identity issues has consequences. 
> People hate to get emailed or called multiple times, especially when 
> they've already volunteered or said "no, I'm out of town". Nothing 
> here is life or death, but I'm trying to write Perl scripts to make 
> sense of four or five different lists and treat each person as 
> politely as they, who are putting in tremendous efforts for our 
> various organizations, deserve.
> And when I get it wrong people notice, and comment.
> Yes, there are potential privacy issues with having a single 
> identifier for each of these people, and as a libertarian nerd I'm 
> conscious of many of them, but between me and the people I'm 
> contacting I think most of them would be absolutely overjoyed at the 
> advantages that a single identifier confers.
> Email is kind of that identifier for this task, although it isn't 
> universal, but even that has shifted some in the year that we have a 
> member as active. Phone numbers really have.
> Next year what I want to do is build a web page where people can go to 
> sign up to help out, and we're going to need to correlate those 
> sign-ups with the various spreadsheets and databases and printouts 
> that we have now, and we're going to be adding a few other helper 
> organizations.
> Most of those people aren't technically savvy enough to understand why 
> they would or wouldn't want a single ID, but they sure'll tell me when 
> the lack of that ID causes me to call 'em extra times, or email them 
> too much, or whatever.
> Today I've been re-assigning people, trying to keep track of who's 
> working where, shuffling folks around, and this is a real world 
> problem that I need to solve, 'cause when someone's put "B Smith" on a 
> note on a spreadsheet, I have to know if that's "Bob" or "Barbara". If 
> I can get enough penetration with YADIS and OpenID or LID or whatever 
> *right now*, a whole bunch of people will be happier.
> And *none* of them care that the Leukemia and Lymphoma Society knows 
> that they're the same person who signed up with the Marin Cyclists, 
> but most of them would be quite happy if they didn't end up with 
> double the mailing list load because of their membership in both 
> groups, or that contacts from both groups could be more focused and 
> more personalized because of that sharing of knowledge.
> Which is why I'm so intent on solving the problem ahead of me, and 
> letting the other ones work themselves out when they become an issue.
> Dan
