[OpenID] Anti-OpenID Campaign in Germany

Recordon, David drecordon at verisign.com
Wed Apr 25 09:23:19 UTC 2007


Yes, what I found interesting though in the conversation I had is that
there is a feeling in parts of the World that an ISP shouldn't know
where you browse, your credit card company not know where you spend
money, and your telco not know who you call.  Obviously this needs to be
balanced with what is achievable, though certainly illustrates some
cultural differences as OpenID is used around the World.

Awesome, didn't realize you were in Germany this week!

--David 

-----Original Message-----
From: Dick Hardt [mailto:dick at sxip.com] 
Sent: Wednesday, April 25, 2007 2:20 AM
To: Recordon, David
Cc: openid-general
Subject: Re: [OpenID] Anti-OpenID Campaign in Germany


OpenID as it stands now is a little leaky about where you are going to
your OP (IP address of server fetching YADIS document), and given that
most people won't be able to run their own, there is some legitimacy to
the issue -- but I would argue that your ISP has a pretty good idea of
where you are going as well if they wanted to.  
The user should select an OP that they trust to not abuse this
information.

btw: I'm in Germany right now for Web 2.0 Kongress. :-)

-- Dick

On 25-Apr-07, at 11:07 AM, Recordon, David wrote:

> Seems there are some campaigns
> (http://www.deltalima2.de/aktion-openid-nein-danke -- 
> http://translate.google.com/translate?u=http%3A%2F%
> 2Fwww.deltalima2.de%2
> Faktion-openid-nein-danke&langpair=de%
> 7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=
> %2Flanguage_tools) against OpenID in parts of Europe which I think we 
> need to take a look at.
>
> Was talking with someone in Geneva yesterday who explained that his 
> understanding of the problem is that there is a fear of OpenID if it 
> means an OpenID Provider knows which relying parties you're 
> interacting with and when.  I explained that you can run your own 
> provider as was discussed in a blog post today
> (http://www.bendodson.com/developer/news/2007/april/how-to-create-
> your-v
> ery-own-openid/), but it seems we need to do a better job of 
> explaining this is possible.  I know Sxip has also done some work on 
> running an "identity agent" locally on your computer so that your 
> provider doesn't actually know every time you're interacting with a 
> RP.
>
> Do people on this list have a better understanding of what the
> problem(s) is/are?  Dick, Johannes, and I will also be in Munich the 
> week after next for the 1st European Identity Conference
> (http://www.kuppingercole.de/eventformats/conference) and would love 
> to chat about this in person as well.  I'll also be in Brussels 
> tomorrow and Friday at the Identity Open Space if anyone would like to

> talk then.
>
> Thanks,
> --David
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>




More information about the general mailing list