[OpenID] Need of the hour for OpenID
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Apr 8 06:34:50 UTC 2009
>It is increasingly clear to me, that the solution involves a centralized
>distribution mechanism which I alluded to in my "Suggestions for OpenID
Actually, centralization is the *problem* - and OpenID is the *solution*.
>2.1". Something in the lines of "Personal Discovery Service".
One thing that *has* been discussed on this list, in the past, that
you could look into, is OP's whose sole or main duty is to inform the
RP of multiple other OP's, depending on who that RP is and what the
user has authorized, thus keeping information about the user's other
OP's secret from RP's the user did not intend to do business with and
authenticate to.
>This can be possible only if all the major players come to an agreement on
>this. OpenID is in a perfect position to make this happen. This is easier
>said than done though. All the major players have their own vested
>interests.
Some of these interests happen to be identical - and *that* is why
what you are describing will *never* happen. Too many major players
will lose out if any single player becomes the central authority. The
only way for each of them to be sure that noone else has gained that
advantage, is for *all* of them to be *equally* powerless: in other
words, a USER-centric topology.
>To begin with, the solution must only consider sharing of basic profile
>data. Bringing in other social data will only magnify the disagreements. And
>in any case as far as Openid is concerned its interests should only be in
>the basic profile.
Succinct translation: OpenID needs to shoot itself in the foot.
-Shade
More information about the general
mailing list