Adoption questions
Chris Drake
christopher at pobox.com
Fri Oct 6 03:26:33 UTC 2006
I still worry about end-user experience, privacy, and OpenID
usefulness to RPs running non-trivial services.
Can someone outline how user privacy gets maintained? (and what, if
anything, a user needs to do and/or understand to support this?)
Would any RP handling, say, credit-card data, be comfortable with
adopting the proposed spec? Think: Amazon, wanting to re-authenticate
upon purchase.
Is my understanding accurate: OpenID is unable to support single sign
on. If not - let's assume it's 9am. I just signed on. I can visit
RP#1 then RP#2 then RP#3 and go back and forth all day without
hindrance, until I next sign off - yes?
Privacy: during any hypothetical overheard lunchtime conversation
between The CEO of RP#1 and the CEO of RP#2 - nobody's ever going to
hear this fragment of conversation: "... yeah - that troublemaker is
one of our users too ..." - or are they?
Sorry to harp on about the fundamentals. I'm not so sure the
under-hood work is as important as the "big picture", and I don't
think we've got this last bit right yet.
Kind Regards,
Chris Drake,
=1id.com