[OpenID] A selector for OpenID

larry drebes ltd at janrain.com
Sun Apr 20 15:21:25 UTC 2008


Peter,
The tool is configurable from the idselector.com site.  Yes, you can
create a custom list of OPs, it's an easy drag & drop interface, check it
out.  Feedback on additional customizations is welcome.

Just to state the obvious, the mission of the idselector is not to gather a
bunch of data for Janrain so that it can be exploited or abused.  We talked
to many RPs & OPs in the last weeks to make sure it was a neutral
offering.  We have added the same level of security around idselector as our
myopenid OP.  It's one of the few widgets on the internet that loads
entirely over SSL.  We see the widget as an ecosystem enabler, just as our
open source libraries are.

larry-

On Sun, Apr 20, 2008 at 7:49 AM, Peter Watkins <peterw at tux.org> wrote:

> On Sun, Apr 20, 2008 at 06:32:43AM -0700, larry drebes wrote:
> > Max,
> > The primary goal is to improve the end-user experience for
> > OpenID.  There is a large user education problem that is throttling
> > OpenID growth.  We were also trying to make it simple for the RP, and
> > neutral for the OPs.
> >
> > The javascript attaches to an existing OpenID login form.  In the (rare)
> > case the javascript could not load from the (highly available) idselector
> > server, the form will continue to work, just without a default value.
> >
> > larry-
>
> So that's "no" to making the code available for "local" OP installs?
>
> As a site admin & developer, that's disappointing. Not terrible -- we
> can always roll our own as I'd imagined anyway (which would also allow
> us complete control over what OPs to list/suggest).
>
> As a user, I think there's a privacy danger inherent in your current model
> that folks should think about. The 3rd-party widget approach means that
> idselector could amass information about where & when individual users hit
> OpenID login pages. And it means idselector can learn what identities
> individual users attempt to claim. It's not just a single point of
> failure, it's a single point of data funnelling. If many RPs chose to
> use something
> like this, it could undermine the privacy benefits of the otherwise very
> decentralized/federated OP/RP model -- think doubleclick for OpenID.
>
> -Peter
>
>