[OpenID] About Facebook, MySpace and OpenID

Rabbit rabbit at cyberpunkrock.com
Sat Apr 4 01:07:11 UTC 2009


On Apr 3, 2009, at 6:05 PM, SitG Admin wrote:

>> Internal service updates and service activity updates can be RSS  
>> feeds the user subscribes to (or the OP displays to the user when  
>> the user logs in).
>
> Idle thought - what if the user (or RP) has information to transfer  
> to the user but doesn't want any of the OP's to see that data? Could  
> that RP or another, through OAuth (which, it should be noted, I  
> scarcely understand), get *permission* to display the data, through  
> the OP('s), and then display this for the user?
>
> -Shade


It would be simple if the RP provides users the option on what  
information should be published. The OP would then have a drop box  
style endpoint where information can be published but only the owner  
can read it. That would eliminate the need for permission checks.

This makes more sense because:
* RP has information and you decide what should be published
* OP receives information and you decide what should be displayed

Users should choose an OP they trust. From an e-mail perspective your  
question reads "what if an RP wants to send example at gmail.com a  
message but doesn't want gmail to see it?"

=Rabbit



More information about the general mailing list