Trust/threat model for OpenID
Johannes Ernst
jernst+lists.danga.com at netmesh.us
Mon Jul 31 21:32:42 UTC 2006
Drummond is on travel, I think, so I'll take the liberty to respond
to this ...

What is and isn't the right default behavior on issues like this is
rather hard to determine, unfortunately.

For example, those of us with a background in privacy would argue
that the default behavior MUST (as in uppercase-MUST) be separate
identifiers per party. In fact, many are arguing that the whole idea
of an identifier-based design (URLs, XRIs, any kind of identifier) is
very wrong in the first place.

On the other hand, we see dramatic market uptake of services like
MySpace that are a correlator's and
too-much-personal-information-readily-available dream (as opposed to
a privacy advocate's). Closer to home, ClaimID and a number of other
services wouldn't be in existence if they hadn't seen a need/desire
by a substantial number of people to correlate more, rather than
less, of their on-line identity. The first thing you do there is
enter all your unique-identifiers-by-party and say they are all
correlated.

So I concur with Drummond: it needs to be a policy decision by the
implementor. Some will cater to one market, some to the other.
Specifications should work either way.

Thanks,

Johannes.

On Jul 31, 2006, at 13:19, Ben Hyde wrote:
> On Jul 31, 2006, at 1:15 PM, Drummond Reed wrote:
>> As far as "the default behavior", that's not quite the
>> right question:
>
> I beg to differ :-).
>
>> this is a feature that an OpenID IdP/i-broker either
>> implements or not. If they've implemented it, a user can do
>> anonymous login
>> simply by using the identifier of their IdP/i-broker. So it's up
>> to a user
>> whether they want to be anonymous or not.
>
> Right, agreed, assuming somebody demonstrates that it's implementable.
>
> But really, isn't that the wrong design?
>
> - ben
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst