[OpenID] OAuth SPs don't have to be your OpenID OP
sysadmin at shadowsinthegarden.com
Sat Apr 4 17:11:48 UTC 2009
>Right. This was what we discussed at the OpenID Design Workshop -
>that such a PDS system could hint to the browser what OP the current
>user uses - and nothing more
Exactly. Anything more would be against the design philosophy of
OpenID (that "decentralized" part of "an open, decentralized free
framework for user-centric digital identity") - the CDS may hint, but
the user must still have the final say.
I *don't* hear "OpenID" when someone describes a centralized
repository for identities that will "allow" discovery and "manage"
trust - I hear the internal memo version of a scheme to impose upon
the world a centrally-controlled entity that will selectively
disallow discovery and manage users' trust for them. Free as in cost,
not as in freedom.
More information about the general