[OpenID] Opt out of Yahoo OpenID?

Simon Willison simon at simonwillison.net
Fri Jan 18 23:39:56 UTC 2008


On 1/18/08, Peter Williams <pwilliams at rapattoni.com> wrote:
> We cannot say that this is not OpenID (the use of a URI element that could be ciphertext). I assume it has the same purpose as the pseudonym name format in the SAML standard. What we should perhaps question is whether OpenID is deficient in its use-case work given it did not standardize what Yahoo felt compelled to add.

As I understand it, the thing Yahoo! are doing (providing a unique
one-time OpenID for each user on a per-site basis, to prevent third
parties from correlating user behaviour across multiple sites without
the user's permission) is an intended consequence of the OpenID 2.0
specification. The official term for it is "directed identity", but
it's not widely understood (in fact that term isn't used in the OpenID
2.0 specification at all). It would be useful if this concept was
expanded upon in a set of design notes (or similar) to accompany the
specification.

There's a thread about directed identity here:

http://openid.net/pipermail/general/2006-November/thread.html#541
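
Added example, not part of the original message and not Yahoo!'s implementation: one way an OpenID provider could derive an opaque identifier per user and per relying-party realm, so that two sites cannot correlate the same account. The secret, the `op.example` namespace and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: a provider-wide secret key. Constructed demo value only.
OP_SECRET = b"constructed-demo-secret-not-for-production"
OP_BASE = "https://op.example/id/"  # hypothetical identifier namespace


def normalize_realm(realm: str) -> str:
    """Reduce a relying-party realm to scheme://host[:port], lower-cased.

    Without this, the same site would receive a different identifier
    whenever its realm differed in case, path or an explicit default port.
    """
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported realm: {realm!r}")
    default = {"http": 80, "https": 443}[parts.scheme]
    port = parts.port or default
    host = parts.hostname  # urlsplit already lower-cases the hostname
    netloc = host if port == default else f"{host}:{port}"
    return f"{parts.scheme}://{netloc}"


def directed_identifier(local_user: str, realm: str,
                        secret: bytes = OP_SECRET) -> str:
    """Return an opaque identifier bound to (local_user, realm)."""
    user = local_user.encode("utf-8")
    site = normalize_realm(realm).encode("utf-8")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = (len(user).to_bytes(4, "big") + user +
           len(site).to_bytes(4, "big") + site)
    # Keyed HMAC: a relying party cannot recompute or invert the value
    # without the provider's secret, so identifiers from two sites do not
    # reveal that they belong to the same account.
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]
    return OP_BASE + tag


if __name__ == "__main__":
    for site in ("https://shop.example/", "https://forum.example/"):
        print(site, "->", directed_identifier("alice", site))
```
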


