[OpenID] A selector for OpenID

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Apr 21 00:38:04 UTC 2008 

Peter Watkins:
> On Sun, Apr 20, 2008 at 08:21:25AM -0700, larry drebes wrote:
>   
>> Peter,
>> The  tools is configurable from the idselector.com site.  Yes, you can
>> create a custom list of OP's, it's an easy drag & drop interface, check it
>> out.  Feedback on additional customizations is welcome.
>>
>> Just to state the obvious, The mission of the idselector is not to gather a
>> bunch of data for Janrain so that it can be exploited or abused.   We talked
>> to many RP's & OP's  in the last weeks to make sure it was a neutral
>> offering.  We have added the same level of security around idselector as our
>> myopenid OP.  It's one of the few widgets on the internet that loads
>> entirely over ssl.   We see the widget as an ecosystem enabler, just as our
>> opensource libraries are.
>>
>> larry-
>>     
>
> Thanks for the clarification. Loading over https is immaterial -- the privacy, 
> security, and availability concerns remain. I'm not sure why you seem drawn
> to the remote scripting model, as opposed to offering a link or attribution
> model that would resolve all social and technical concerns about idselector 
> *and* reduce your infrastructure costs, but I don't want to drag this out. 
> I think I've made clear already for whatever it's worth that 
>  1) As an admin, I'd never use a remote scripting service like this.
>  2) I think wide adoption of idselector could adversely affect OpenID's uptake 
>     given the intrinsic privacy problems with your model. As Thomas said,
>     your model goes far beyond any regular OpenID "nature of the beast" concerns.
>
> I do think something like ideslector is a good idea. As I said earlier, I'd been
> thinking about this sort of thing for making it easier for regular AOL and Yahoo!
> users to use OpenID on the sites I'm responsible for. I can only hope that your 
> remote scripting model "fails in the marketplace" as we Yanks like to say. No malice 
> intended, I just think hosting the resources outside the RPs is the wrong approach.
>
> Not trying to be sarcasatic at all -- it does look quite nice. 
>   

I too think it does look quite nice. I'm not sure what Larry's 
intentions really are, but for many it doesn't matter where it's hosted 
and therefore provides an excellent service. For others there might be 
an option to download an archive and serve it locally? I think that 
would be the killer app for all OpenID RP implementations and would 
provide a familiar face for future common login facilities....

Larry, do you have such intentions?


-- 
Regards 
 
Signer:  	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:  	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:  	Join the Revolution! <http://blog.startcom.org>
Phone:  	+1.213.341.0390
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080421/af51d11c/attachment-0002.htm>

More information about the general mailing list