Trust/threat model for OpenID
Ask Bjørn Hansen
ask at develooper.com
Sun Jul 30 17:52:27 UTC 2006
On Jul 31, 2006, at 0:04, Ben Hyde wrote:
>> However, this is not to say, a site (Craigslist for instance) can't
>> piggyback OpenID on top of its anonymizing code and provide its users
>> with an anonymous URL that can be asserted without tying it to an
>> individual user:
> That would help this issue. Is this possible?
Yes, trivial-ish even. (At least it is with the original OpenID spec.)
It reminds me of one of my credit card banks letting me create
"virtual" account numbers to give to less trusted vendors. (I can
set time and money limits separately for each extra number).