[OpenID] About Facebook, MySpace and OpenID
rabbit at cyberpunkrock.com
Sat Apr 4 01:07:11 UTC 2009
On Apr 3, 2009, at 6:05 PM, SitG Admin wrote:
>> Internal service updates and service activity updates can be RSS
>> feeds the user subscribes to (or the OP displays to the user when
>> the user logs in).
> Idle thought - what if the user (or RP) has information to transfer
> to the user but doesn't want any of the OP's to see that data? Could
> that RP or another, through OAuth (which, it should be noted, I
> scarcely understand), get *permission* to display the data, through
> the OP('s), and then display this for the user?
It would be simple if the RP provides users the option on what
information should be published. The OP would then have a drop box
style endpoint where information can be published but only the owner
can read it. That would eliminate the need for permission checks.
This makes more sense because:
* RP has information and you decide what should be published
* OP receives information and you decide what should be displayed
Users should choose an OP they trust. From an e-mail perspective your
question reads "what if an RP wants to send example at gmail.com a
message but doesn't want gmail to see it?"
More information about the general