[OpenID] What is the difference between 'normal'/OpenID users?

SitG Admin sysadmin at shadowsinthegarden.com
Mon Aug 4 02:20:45 UTC 2008 

In trying to get more sites to adopt OpenID as Relying Parties, some 
"attract more customers" possibilities have been suggested; for 
instance, users with an OP will stop by just to see what the site is 
about, giving RP's an opportunity to show them targeted ads to say 
that the user should return often and use their site *more*; there's 
plenty of time for the usual ads later, after a customer's loyalty 
has been assured. Some sites offer a limited subset of their usual 
functionality to OpenID users, perhaps as a "demo" enticing users 
into upgrading to a full account.

There's also "outsourcing authentication", where users make an 
account as normal but use OpenID to log in.

My question is - other than keeping authentication local to your own 
servers, what difference must it make whether a user is "entirely" 
yours or through OpenID?

It can't be lack of information that users would normally submit, 
because Attribute Exchange can do that with the same "at site's 
request and only if user voluntarily releases information" model - is 
there some way AX can send information that would make agreements to 
the effect of "You affirm that this is true and correct." not as 
legally binding as it is already? If the RP is in doubt about an OP 
sending correct information, it can always display filled-in fields 
to the user and ask for confirmation.

It can't be the potential to open up the site to any number of 
fraudulent account-creation processes (001.somesite.com, 
002.somesite.com, ad infinitum), because most sites *already* have 
that: and the same means (IP address, personal data, credit card paid 
with) can be used for keeping track of multiple registrations for 
OpenID as with regular accounts.

Perhaps the potential of instantly "growing" by a staggering several 
million users can be a bit daunting?

When a site becomes a Relying Party, what defines "regular user" to 
it? Is there any essential quality which wouldn't be present in 
OpenID users?

-Shade

More information about the general mailing list