[OpenID] A selector for OpenID

Peter Watkins peterw at tux.org
Sun Apr 20 07:49:39 PDT 2008

On Sun, Apr 20, 2008 at 06:32:43AM -0700, larry drebes wrote:
> Max,
> The primary goal is to make is to improve the end-user experience for
> OpenID.  There is a large user education problem that is throttling OpenID
> growth.  We were also trying to make it simple for the RP, and neutral for
> the OPs.
> The javascript attaches to an existing OpenID login form.  In the (rare)
> case the javascript could not load from the (high available) idselector
> server, the form will continue to work, just with out a default value.
> larry-

So that's "no" to making the code available for "local" OP installs? 

As a site admin & developer, that's disappointing. Not terrible -- we
can always roll our own as I'd imagined anyway (which would also allow
us complete control over what OPs to list/suggest).

As a user, I think there's a privacy danger inherent in your current model
that folks should think about. The 3rd-party widget approach means that
idselector could amass information about where & when individual users hit
OpenID login pages. And it means iselector can learn what identities 
individual users attempt to claim. It's not just a single point of failure,
it's a single point of data funnelling. If many RPs chose to use something
like this, it could undermine the privacy benefits of the otherwise very
decentralized/federated OP/RP model -- think doubleclick for OpenID.


More information about the general mailing list