[OpenID] My answers to the nominee questions

[Luke Shepard]

Apologies; sent too early.


> It would be nice if RP's had a "I'll scratch your back if you'll scratch mine." system by which they could send short messages to one another's networks - for instance, Monster.com would say "Hey Yahoo, please notify all the Friends of this user on your network, blah blah blah." and Yahoo could do so. Or not, at its option (but I'm assuming it would desire reciprocation) or respective users' options; but the "spam" UX is little different than your well-intending relatives happily feeding your E-mail address into an address-mining site while filling themselves with good feelings that they've just alerted you to a wonderful opportunity. The main difference is, Monster.com doesn't actually see a list of friends, so it can't abuse that information later on - though users, of course, can choose to visit Monster.com and learn more if they wish.

That's a cool thought. I agree that that option should be offered by IDPs.

> This would make the UX very OP-centric, which somewhat ruins the portability feature of OpenID; an expanded model (of which I've written before) would allow Monster.com to contact *any* participating RP and ask them to deliver a message the next time that user logged in (my mind boggles at the storage space this could require, but hard drive space is getting cheaper these days).

I don't think it ruins the portability. As long as there is a standard for requesting that the user send to their friends on the IDP, then it's still cross-platform. I'm not sure I understand how it would work for Monster.com to contact any participating RP, but I'd love to follow up on the idea.


> Postscript: I'm a bit disturbed looking back at the wording of the world you'd love to see. I'm not sure if that was worded exactly as you meant it; if I walk up to a stranger I would like to do business with, I don't hand over a planner and say "Here's a list of my friends and their contact information."; I use my handy (futuristic) PDA to conveniently authorize *his* PDA to send business offers to mine, whereupon mine will automatically relay the messages to my friends on his behalf (all without bothering ME about it) - but just because I go somewhere, doesn't mean that all this information is necessarily "coming with me".

I meant basically what you said; my information should be available to me, but only dispensed according to the privacy settings I've put in place. If I'm not comfortable with random strangers knowing my data, then I'll set that up and then they won't. And if I am, but I change my mind in the future, then the information that's dispensed would be retracted. As has been pointed out elsewhere, it's technically impossible to retract information, but extra-technical means (like a legal framework) can help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081212/e58c5d2b/attachment-0002.htm>