[OpenID] OAuth SPs don't have to be your OpenID OP

SitG Admin sysadmin at shadowsinthegarden.com
Sat Apr 4 17:11:48 UTC 2009

>Right. This was what we discussed at the OpenID Design Workshop - 
>that such a PDS system could hint to the browser what OP the current 
>user uses - and nothing more

Exactly. Anything more would be against the design philosophy of 
OpenID (that "decentralized" part of "an open, decentralized free 
framework for user-centric digital identity") - the CDS may hint, but 
the user must still have the final say.

I *don't* hear "OpenID" when someone describes a centralized 
repository for identities that will "allow" discovery and "manage" 
trust - I hear the internal memo version of a scheme to impose upon 
the world a centrally-controlled entity that will selectively 
disallow discovery and manage users' trust for them. Free as in cost, 
not as in freedom.

