Trust/threat model for OpenID

Ask Bjørn Hansen ask at
Sun Jul 30 17:52:27 UTC 2006

On Jul 31, 2006, at 0:04, Ben Hyde wrote:

>> However, this is not to say, a site (Craigslist for instance) can't
>> piggyback OpenID on top of its anonymizing code and provide its users
>> with an anonymous URL that can be asserted without tying it to an
>> individual user:
> That would help this issue.  Is this possible?

Yes, trivial-ish even.   (at least it is with the original OpenID spec).

It reminds me of one of my credit card banks letting me create  
"virtual" account numbers to give to less trusted vendors.   (I can  
set time and money limits separately for each extra number).

  - ask

More information about the yadis mailing list