[OpenID] openid in a non-distributed situation?
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Jul 19 13:46:37 UTC 2007
Simon Willison wrote:
> They are all examples of public sites that have chosen to allow OpenID
> users from any identity provider to associate their OpenID with an
> account on the site and use it to sign in as an alternative to a
> username and password. I'm interested to know if you think this is an
> unsuitable use for OpenID in its present form - and if you do, what
> your reasons are.
>
They are relying parties in relation to OpenID providers and I'm sure
that they made a decision if and how they want to rely on them. Nothing
wrong with that and I'm not really concerned about RPs which made that
decision. This is obviously all fine as long as it serves their purpose.
I'm concerned more about RPs which must or want to have higher
requirements, for which David compiled some useful extensions. However
those extensions are pretty meaningless if they can not be enforced and
traced back to some verifiable source.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070719/a2434446/attachment-0002.htm>
More information about the general
mailing list