[OpenID] Need of the hour for OpenID

SitG Admin sysadmin at shadowsinthegarden.com
Wed Apr 8 06:34:50 UTC 2009

>It is increasingly clear to me, that the solution involves a centralized
>distribution mechanism which I alluded to in my "Suggestions for OpenID

Actually, centralization is the *problem* - and OpenID is the *solution*.

>2.1". Something in the lines of "Personal Discovery Service".

One thing that *has* been discussed on this list, in the past, that 
you could look into, is OP's whose sole or main duty is to inform the 
RP of multiple other OP's, depending on who that RP is and what the 
user has authorized, thus keeping information about the user's other 
OP's secret from RP's the user did not intend to do business with and 
authenticate to.

>This can be possible only if all the major players come to an agreement on
>this. OpenID is in a perfect position to make this happen. This is easier
>said than done though. All the major players have their own vested

Some of these interests happen to be identical - and *that* is why 
what you are describing will *never* happen. Too many major players 
will lose out if any single player becomes the central authority. The 
only way for each of them to be sure that noone else has gained that 
advantage, is for *all* of them to be *equally* powerless: in other 
words, a USER-centric topology.

>To begin with, the solution must only consider sharing of basic profile
>data. Bringing in other social data will only magnify the disagreements. And
>in any case as far as Openid is concerned its interests should only be in
>the basic profile.

Succinct translation: OpenID needs to shoot itself in the foot.


More information about the general mailing list