[OpenID] Rule of thumb

John Wang jwanggroups at gmail.com
Fri Jul 13 07:45:54 UTC 2007


On 7/12/07, Peter Williams <pwilliams at rapattoni.com> wrote:
>
> [...]
>
> Now, how can we do this with OpenID?
>
> The klutzy way is to make that mega-RP into a mega-IDP, upsetting the
> balance of power and creating a centralized monster.  That prospect will
> cause a political backlash, similar to the counter-current which killed off
> voluntary PKI adoption.


It doesn't necessarily have to be the mega-RP becoming a mega-IDP to be
klutzy. Just having the mega-RP rely only on mega-IDPs may be klutzy enough.
I do think that sites with more sensitive information will be more likely to
rely only on mega-IDPs, whether the mega-IDP is themselves or a third-party.

One issue with mega-IDPs is that they will consolidate information about a
user's logins. Some people don't mind that but others are more concerned
about their privacy.

In the PKI world, the mega-CAs are embedded in the browsers that
automatically trust those CAs on behalf of the users, with most users not
even realizing the browser ISV is making a trust decision for them. I've
been wondering if there's anything wrong with CAs like CAcert that provide
free certs to just provide encryption, as opposed to authentication. I see
mega-IDPs like mega-CAs and do-it-yourself IDPs like CAcert.


-- 
John Wang
http://www.dev411.com/blog/