[OpenID] OpenID, P2P and decentralization

Recordon, David drecordon at verisign.com
Fri Mar 2 19:58:43 UTC 2007

Agreed, but I'm not talking as a RP or OP, but as a person.  If I see
you using http://paul.madsen.name for example on a public service such
as Jyte, is it wrong for me to treat it as a public identifier?

We're not talking about technology here beyond the initial start in
terms of using a technology such as XFN or FOAF for me as a person
deciding to broadcast my social network of public identifier.  I'm not
advocating for this be done in any sort of automatic fashion...just as I
don't automatically publish a list of every email address which emails


-----Original Message-----
From: Paul Madsen [mailto:paulmadsen at rogers.com] 
Sent: Friday, March 02, 2007 11:56 AM
To: Recordon, David
Cc: general at openid.net
Subject: Re: [OpenID] OpenID, P2P and decentralization

Hi David, before you listed that email of mine, you asked yourself 'Has
Paul made this identifier publicly available?' As I had, you felt it was
safe to broadcast it.

But, who is to say that I want all of my OpenIDs publicized in the same
fashion? I might use one only at a particular set of RPs or in a
particular context. If I share such a contextual OpenID with yourself in
order to represent some social connection between ourselve,  have I
given up all rights with respect to what you do with it?

OpenID is an IDP discovery mechanism and a SSO protocol, it shouldn't
dictate a particular privacy model.


Recordon, David wrote:
> Agreed, if you're using a public identifier then what is the harm.
> I'd also have no problem giving someone your email address, 
> paulmadsen at rogers.com, since you've made it a public identifier by 
> posting to publicly archived mailing list.  Same would apply for 
> something like Ben Laurie's phone number since he posts it publicly at

> http://www.apache-ssl.org/ben.html.
> Now if you've shared an identifier with me which you don't use in a 
> public fashion, then I would respect that and not share it.
> So same thing with an OpenID URL or iname.  If it is being used 
> publicly http://davidrecordon.com or =kaliya then I don't see why it 
> being referenced in a public fashion is a bad thing.
> --David
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] 
> On Behalf Of Carl Howells
> Sent: Friday, March 02, 2007 11:37 AM
> To: Paul Madsen
> Cc: general at openid.net
> Subject: Re: [OpenID] OpenID, P2P and decentralization
> (Sorry for the double-email Paul, I forgot how this list is set up.)
> Because an OpenID isn't private information?  The whole *point* of the

> system is that it's a public-facing identifier.
> Carl
> Paul Madsen wrote:
>  > David, you wouldn't give out my email, my home address, my SIN, or 
> my phone number without asking yourself whether I might object, why 
> should an OpenID be different?
>  >
>  > paul
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432

More information about the general mailing list