[OpenID] OpenID and SSO

Dick Hardt dick at sxip.com
Tue Jul 1 14:56:03 UTC 2008


I think the contractual and privacy issues will require a click to
login. EU and Canadian privacy laws require the user to have consented
to acquiring personal information. Similar to the EULA licenses users
have to actively do something with.

Since it is impossible to know how the user truly arrived at a page,
and users can arrive at a page without having actively chosen to, the
site needs the user to actively do something to acknowledge they want
to share information and not be pseudonymous.

On 1-Jul-08, at 1:47 AM, SitG Admin wrote:

>> Users do not want to login. Really, they don't.
>>
>> Therefore you can measure the success of SSO by counting the
>> disappearing login "buttons" or "links" on websites who do offer
>> user centric (profiling) services.
>
> A vital question here, then, is whether the user values privacy
> enough to forgo this level of convenience. Short of opting to
> automatically grant all RP requests (and never prompt user for
> re-authentication to the OP - it can still expire, just don't bother
> the *user* with renewing it), there is no way to "intelligently"
> practice selective login for the user.
>
>> "Click to proceed", yes,
>
> There shouldn't even be that, though. Just go to the site and see the
> page. No matter how much you abstract the process of authenticating,
> if they have to take steps to have the service recognize them then
> it's a login.
>
> -Shade