Identifier portability: the fundamental issue
Drummond Reed
drummond.reed at cordance.net
Mon Oct 16 21:29:00 UTC 2006
+1. "Trust is not a boolean." Martin, that's very quotable. Can I attribute
it to you?
=Drummond
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf
Of Martin Atkins
Sent: Monday, October 16, 2006 12:25 PM
To: specs at openid.net
Subject: Re: Identifier portability: the fundamental issue
Chris Drake wrote:
>
> There seem to be a lot of people on this list who want to hate and
> loathe the IdP, and grant all power to the RP. I do not understand
> this reasoning: our users will select the IdP they trust and like,
> then they will be using a multitude of possibly hostile RPs
> thereafter: the reverse is simply not true.
>
If I'm using one IdP to assert my primary public identity, they can
hypothetically develop quite a profile about me. I probably don't mind
too much in most cases, because I researched them and found that they
are a good provider and won't sell my data out to the bad guys.
However, there might be some things I want to do (for example, posting
locally-prohibited speech on a public forum) that I don't want attached
in any way, shape or form to my public identity. The trust relationship
I have with that IdP probably isn't enough for this; if there is any
record at all of any association between these two identities, as
friendly as my IdP may be, there is a chance that it will be seized by
court order, or leaked by an insider, which might lead to me getting in
serious legal trouble.
This is just one (perhaps extreme) example of why my trust in my IdP is
not universal and all-encompassing. Trust is not a boolean.