[OpenID] What about Address Books? (not Logout)

SitG Admin sysadmin at shadowsinthegarden.com
Fri Apr 10 00:18:50 UTC 2009

>I'm not sure SLO is that pressing in today's openid world, wanting 
>to share a few address books to define one's personal community of 

Remember the furor over a certain social networking site protecting 
the E-mail addresses of its members by putting them into a photo, and 
then some programmer came along and wrote a utility to extract them 
back to text again so people could freely migrate their address 
books? At some point OpenID may introduce this kind of conflict 
between friends, because there's a big difference between knowing 
that your friends keep your full name associated with your E-mail 
address on a personal computer that noone else will ever access, and 
learning that your friends have been migrating that data around 6-10 
different third parties without checking their Privacy Policy first 
(much less checking whether the people responsible have been vetted 
by anyone reputable).

Webmail is typically a limited use-case, and hosted by big companies. 
As the idea of a user-centric web hits critical mass, and especially 
with the technology becoming increasingly available and easy to use, 
these unpleasant side-effects may occur simultaneously with the 
takeover by their primary cause.

None of which has anything to do with logout, but it might throw a 
wrench into the works of data migration, so there it is for anyone 
working on that to be worried about ;)

Our discussion of OpenID has been focusing on OP's and RP's and 
whether they can trust each other, but in a user-centric world there 
are also questions of whether users who are not directly involved 
with the OP *or* the RP actively distrusting either or both; I don't 
know if this indirect trust is an area that OpenID ought to be trying 
to address, but OP's and RP's dealing with such information might 
want to consider educating users about it, actively, so users take 
care with which third parties they entrust with their friends' 
information, and those of us promoting OpenID can show that we *care* 
what their friends think of them (best for the social networking 
sites, perhaps).


More information about the general mailing list