[OpenID] Anti-OpenID Campaign in Germany

Dick Hardt dick at sxip.com
Wed Apr 25 09:20:01 UTC 2007


OpenID as it stands now is a little leaky about where you are going  
to your OP (IP address of server fetching YADIS document), and given  
that most people won't be able to run their own, there is some  
legitimacy to the issue -- but I would argue that your ISP has a  
pretty good idea of where you are going as well if they wanted to.  
The user should select an OP that they trust to not abuse this  
information.

btw: I'm in Germany right now for Web 2.0 Kongress. :-)

-- Dick

On 25-Apr-07, at 11:07 AM, Recordon, David wrote:

> Seems there are some campaigns
> (http://www.deltalima2.de/aktion-openid-nein-danke --
> http://translate.google.com/translate?u=http%3A%2F% 
> 2Fwww.deltalima2.de%2
> Faktion-openid-nein-danke&langpair=de% 
> 7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=
> %2Flanguage_tools) against OpenID in parts of Europe which I think we
> need to take a look at.
>
> Was talking with someone in Geneva yesterday who explained that his
> understanding of the problem is that there is a fear of OpenID if it
> means an OpenID Provider knows which relying parties you're  
> interacting
> with and when.  I explained that you can run your own provider as was
> discussed in a blog post today
> (http://www.bendodson.com/developer/news/2007/april/how-to-create- 
> your-v
> ery-own-openid/), but it seems we need to do a better job of  
> explaining
> this is possible.  I know Sxip has also done some work on running an
> "identity agent" locally on your computer so that your provider  
> doesn't
> actually know every time you're interacting with a RP.
>
> Do people on this list have a better understanding of what the
> problem(s) is/are?  Dick, Johannes, and I will also be in Munich the
> week after next for the 1st European Identity Conference
> (http://www.kuppingercole.de/eventformats/conference) and would  
> love to
> chat about this in person as well.  I'll also be in Brussels tomorrow
> and Friday at the Identity Open Space if anyone would like to talk  
> then.
>
> Thanks,
> --David
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>




More information about the general mailing list