<div class="gmail_quote">On Sat, Feb 13, 2010 at 2:29 PM, Tommi Laukkanen <span dir="ltr"><<a href="mailto:tommi.s.e.laukkanen@gmail.com">tommi.s.e.laukkanen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi<div><br></div><div>Thank you this is valuable information. Clarifying questions:</div><div><br></div><div>Do you mean by protecting users identity that users should stay anonymous? Google directed identity provides users email to the relying party so the mechanism does not provide anonymity always. </div>
</blockquote><div><br></div><div>Certainly Google <i>can </i>provide email addresses if the user agrees to it, and this does defeat anonymity. That's true. But not all RPs request email address, and the user doesn't have to agree to it.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><br></div><div>Personally I have seen directed identity valuable from usability perspective as it provides easy way to sign in as you do not need to be copy pasting your personal openid url. </div><div><br></div><div>
I thought OpenId provides users globally unique indisputable id (url) and not just a way to avoid multiple passwords? </div></blockquote><div><br></div><div>I think you may be confusing "directed identity" with "identifier select". Directed identity is enabled by identifier select. Identifier Select is in the OpenID spec, and allows the user to either type "<a href="http://yahoo.com">yahoo.com</a>" or click a Yahoo! button (for example) and log into the OP and have the OP send the identifier (url) to the RP. The identifier the OP sends may be the user's universally recognized identifier, or it may be a pairwise-unique identifier that binds that user to just that one RP which prevents the RP from correlating the user data with other RPs. The latter pairwise-unique identifier scenairo is called "directed identity". Yahoo supported identifier select, but not directed identity. Google supports identifier select, and only offers directed identity. Unless you're using Google Profiles, in which case you can have that recognizable URL for the user again that is shared across RPs.<br clear="all">
</div><div><br></div><div>Hope that's helpful.</div></div>