[OpenID] OpenID, P2P and decentralization

George Fletcher gffletch at aol.com
Fri Mar 2 19:52:21 UTC 2007


The problem may come in how the "owner" of the OpenID perceives the 
context in which they use the identifier.  If I don't perceive the 
context to be public, then I will assume that others will treat the 
information as "private" or "privileged".  If others however, perceive 
the context as public then they will feel free to share the identifier 
without seeking my consent.

I think part of the problem comes when thinking of OpenID as a 
single-sign-on solution (which it does) vs a public personal identifier 
"solution" for which it was designed.  I can use OpenID as my SSO 
solution but I, the user, need to be very cognizant of the context in 
which I'm using my identifiers and use "private" ones in "private" 
contexts and "public" ones in "public" context.  This will take some 
learning for most users and OpenID doesn't lend itself very well to 
easily creating lots of "private" identifiers (though OpenID 2.0 
addresses this by allowing OP's to generate identifiers for their users).

However, when it comes to SSO between my "public" publishing/social 
networking environments, OpenID is perfect because it provides that 
desired "correlation" in order to build reputation.

Thanks,
George

Recordon, David wrote:
> Agreed, if you're using a public identifier then what is the harm.
>
> I'd also have no problem giving someone your email address,
> paulmadsen at rogers.com, since you've made it a public identifier by
> posting to publicly archived mailing list.  Same would apply for
> something like Ben Laurie's phone number since he posts it publicly at
> http://www.apache-ssl.org/ben.html.
>
> Now if you've shared an identifier with me which you don't use in a
> public fashion, then I would respect that and not share it.
>
> So same thing with an OpenID URL or iname.  If it is being used publicly
> http://davidrecordon.com or =kaliya then I don't see why it being
> referenced in a public fashion is a bad thing.
>
> --David
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Carl Howells
> Sent: Friday, March 02, 2007 11:37 AM
> To: Paul Madsen
> Cc: general at openid.net
> Subject: Re: [OpenID] OpenID, P2P and decentralization
>
> (Sorry for the double-email Paul, I forgot how this list is set up.)
>
> Because an OpenID isn't private information?  The whole *point* of the
> system is that it's a public-facing identifier.
>
> Carl
>
> Paul Madsen wrote:
>  > David, you wouldn't give out my email, my home address, my SIN, or my
> phone number without asking yourself whether I might object, why should
> an OpenID be different?
>  >
>  > paul
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>   



More information about the general mailing list