[OpenID] OpenID consumers should make it clear if they are going to publish a user's OpenID
Martin Atkins
mart at degeneration.co.uk
Mon May 14 14:53:22 UTC 2007
Simon Willison wrote:
> One of the benefits of OpenID is that it lets accounts on different
> sites be linked together. This has plenty of exciting implications,
> but also introduces new privacy concerns. If a site publishes a user's
> OpenID anywhere it is enabling cross-site correlation whether or not
> the user (or site) wants it to happen.
>
Im afraid that my view on this problem has always been that if you don't
want to be correlated, you should use a different identifier. The beauty
of OpenID is that you don't have one identifier for many sites, or one
identifier for one site... you have many identifiers for many sites. You
can use the same single identifier for all sites, or you could use a
different identifier for each site, or a combination of the two.
This is already possible today. It's even easier with the help of
"directed identity".
More information about the general
mailing list