[OpenID] OpenID on TechCrunch forums
Paul Madsen
paulmadsen at rogers.com
Mon Jan 8 19:32:17 UTC 2007
Liberty/SAML has long been knocked for the so-called 'panoptical model'
, i.e. the powers of observation afforded to the IDP
Welcome to the club :-)
Liberty has done work on the sorts of questions an SP should ask an IDP,
but not those the user might ask (although they are probably similar)
paul
Chris Messina wrote:
> ...which ultimately should be part of determining who you use as your
> OpenID provider.
>
> Heck, SSO is coming. Right now, Yahoo, Microsoft and Google own all
> that data and choose whether to share it and with whom. This trend is
> going to increase, not decrease.
>
> Building businesses *on top* of OpenID will require, to some degree,
> this data to be stored and analyzed. There will be organzations that
> do good by their users in collecting it; others will betray their
> members. There may be policy governing these matters in the future,
> but I would prefer to build out proper and upstanding behavior through
> community moral enforcement.
>
> Now, what this does point to, however, is the need for documentation
> and guidance on choosing an iDP -- what to look for, what questions to
> ask, how to ask them and what the answers mean. I was reading through
> the Windows VISTA guidebook section on InfoCard -- and they mentioned
> it in a such a simple, straightforward way as to obfuscate the reality
> underpinning such a system w/r/t privacy and data ownership.
>
> It's paramount to the adoption of OpenID that we have not just a
> better and more coherent story, but that we can explain why these
> issues are important and salient and then follow up with what people
> can do about it.
>
> Chris
>
> On 1/8/07, Paul Madsen <paulmadsen at rogers.com> wrote:
>> Providers will almost certainly *gather* this information, the important
>> question is what they do with it, i.e. share, sell, aggregate.
>>
>> paul
>>
>> Bob Wyman wrote:
>> > One of the comments[1] to Sokullu and McManus' original post called
>> > for OpenID sites to accept greater privacy guarantees than currently
>> > provided.
>> >
>> > Specifically, the commenter is concerned that information about the
>> > frequency of authentication at various sites. Stoicho asks: "How can
>> > you trust a 3rd party [who] sees how frequent your users logged in,
>> > how many users your application has?"
>> >
>> > Stoicho asks that sites make the following pledge: Is this reasonable?
>> >
>> > "WE WILL NEVER EVER NEVER EVER GATHER ANY INFORMATION, REGARTHLESS HOW
>> > MANY, OR HOW FREQUENT YOUR APPLICATION USERS USED THEIR OPENID
>> ACCOUNTS."
>> >
>> > bob wyman
>> >
>> > [1]
>> > http://www.readwriteweb.com/archives/openid_vs_bigco.php#comment-8274
>> >
>> <http://www.readwriteweb.com/archives/openid_vs_bigco.php#comment-8274>
>> >
>> >
>> ------------------------------------------------------------------------
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>> >
>> ------------------------------------------------------------------------
>> >
>> > No virus found in this incoming message.
>> > Checked by AVG Free Edition.
>> > Version: 7.5.432 / Virus Database: 268.16.7/619 - Release Date:
>> 1/7/2007
>> 6:29 PM
>> >
>>
>> --
>> Paul Madsen e:paulmadsen @ ntt-at.com
>> NTT p:613-482-0432
>> m:613-302-1428
>> aim:PaulMdsn5
>> web:connectid.blogspot.com
>>
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
>
--
Paul Madsen e:paulmadsen @ ntt-at.com
NTT p:613-482-0432
m:613-302-1428
aim:PaulMdsn5
web:connectid.blogspot.com
More information about the general
mailing list