[OpenID] Yahoo hijacking?
Max Metral
max at artsalliancelabs.com
Sat Apr 19 14:43:56 UTC 2008
This is a reply to an off-list message that I felt should be on-list, so
I removed the original message. Apologies if some context is lost.
I think my argument starts with an appropriateness argument and is using
that to push a compliance definition that supports it. And while I'm
not sitting here waving a US flag, the version of the "mechanism" I'm
trying to use here is market force. From my Passport days I'm basically
suggesting that if this "story or concern" were to take hold it would be
very damaging to OpenID overall. If potential adopting sites come to
believe that there's a non-negligible chance that sending someone off to
sign in with OpenID is the last time they'll see them, and in this case
that on the margin, the IDP is potentially competing with the RP for the
user's attention, we're in trouble.
I don't think Allen and/or Yahoo are trying to be evil here. I don't
think there were hour-long meetings trying to figure out how to screw
the RPs. I just think appearances here are important, especially when
you're the #1 trafficked site on the internet and you're about to join
MSFT (good luck with that, been there, was fun, buy the book, eat the
food, etc).
At the very least, one possible solution would be saying more with the
link.
"I do not want to login, take me to Yahoo"
And perhaps a second like
"I do not want to login, take me to Foobar.com"
Or a combination
"I do not want to login, take me to >Foobar.com< or >Yahoo.com<"
--Max