Trust/threat model for OpenID

Ben Hyde bhyde at pobox.com
Mon Jul 31 20:19:10 UTC 2006


On Jul 31, 2006, at 1:15 PM, Drummond Reed wrote:
> As far as "the default behavior", that's not quite the
> right question:

I beg to differ :-).

> this is a feature that an OpenID IdP/i-broker either
> implements or not. If they've implemented it, a user can do  
> anonymous login
> simply by using the identifier of their IdP/i-broker. So it's up to  
> a user
> whether they want to be anonymous or not.

Right, agreed, assuming somebody demonstrates that it's implementable.

But really, isn't that the wrong design?

  - ben


More information about the yadis mailing list