[OpenID] OpenID on TechCrunch forums

Chris Messina chris.messina at gmail.com
Mon Jan 8 19:14:17 UTC 2007


...which ultimately should be part of determining who you use as your
OpenID provider.

Heck, SSO is coming. Right now, Yahoo, Microsoft and Google own all
that data and choose whether to share it and with whom. This trend is
going to increase, not decrease.

Building businesses *on top* of OpenID will require, to some degree,
this data to be stored and analyzed. There will be organzations that
do good by their users in collecting it; others will betray their
members. There may be policy governing these matters in the future,
but I would prefer to build out proper and upstanding behavior through
community moral enforcement.

Now, what this does point to, however, is the need for documentation
and guidance on choosing an iDP -- what to look for, what questions to
ask, how to ask them and what the answers mean. I was reading through
the Windows VISTA guidebook section on InfoCard -- and they mentioned
it in a such a simple, straightforward way as to obfuscate the reality
underpinning such a system w/r/t privacy and data ownership.

It's paramount to the adoption of OpenID that we have not just a
better and more coherent story, but that we can explain why these
issues are important and salient and then follow up with what people
can do about it.

Chris

On 1/8/07, Paul Madsen <paulmadsen at rogers.com> wrote:
> Providers will almost certainly *gather* this information, the important
> question is what they do with it, i.e. share, sell, aggregate.
>
> paul
>
> Bob Wyman wrote:
> > One of the comments[1] to Sokullu and McManus' original post called
> > for OpenID sites to accept greater privacy guarantees than currently
> > provided.
> >
> > Specifically, the commenter is concerned that information about the
> > frequency of authentication at various sites. Stoicho asks: "How can
> > you trust a 3rd party [who] sees how frequent your users logged in,
> > how many users your application has?"
> >
> > Stoicho asks that sites make the following pledge: Is this reasonable?
> >
> > "WE WILL NEVER EVER NEVER EVER GATHER ANY INFORMATION, REGARTHLESS HOW
> > MANY, OR HOW FREQUENT YOUR APPLICATION USERS USED THEIR OPENID ACCOUNTS."
> >
> > bob wyman
> >
> > [1]
> > http://www.readwriteweb.com/archives/openid_vs_bigco.php#comment-8274
> > <http://www.readwriteweb.com/archives/openid_vs_bigco.php#comment-8274>
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> > ------------------------------------------------------------------------
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.432 / Virus Database: 268.16.7/619 - Release Date: 1/7/2007
> 6:29 PM
> >
>
> --
> Paul Madsen             e:paulmadsen @ ntt-at.com
> NTT                     p:613-482-0432
>                         m:613-302-1428
>                         aim:PaulMdsn5
>                         web:connectid.blogspot.com
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>


-- 
Chris Messina
Citizen Provocateur &
  Open Source Ambassador-at-Large
Work: http://citizenagency.com
Blog: http://factoryjoe.com/blog
Cell: 412 225-1051
Skype: factoryjoe
This email is:   [ ] bloggable    [X] ask first   [ ] private



More information about the general mailing list