[OpenID] Blacklisted or 'every user'?

[SitG Admin]

I've been thinking about identity and trust; specifically, the 
chicken-and-egg debate that relates to OpenID because it is "about 
identity, not trust". It seems to me that our URI's are the 
*identity*, and our OP's receive the *trust*; we have trouble 
agreeing on any centralized solutions that we can all trust, but then 
we each pick our own favorite centralized solution and clamor for 
everyone else to join us! That doesn't work, and interoperability is 
impossible *because* we don't trust anyone else's favored centralized 
solution. So now (with OpenID) interoperability is being assured on 
the basis of "The person trying to log in trusts their solution." 
instead of "*I* trust the solution of the person trying to log in."; 
we can look at how this scattering effect is potentially the complete 
opposite of centralization (with the possibility of being anywhere 
along a spectrum in between as popularity of multi-user OP's grows), 
but I'm much more interested in what this outsourcing of trust 
implies.

If identity and trust each seem to require the other, it may be due 
to a feedback effect where establishing details about one will 
reflect upon the other. To what extent do I accept the user's 
outsourcing of trust? Am I accepting that the user trusts that OP, or 
that the OP should receive *my* trust? I think (and this is just *my* 
answer, and experimental) that I should trust their OP just far 
enough to go through the OpenID protocols, but when it comes to my 
own judgement, I may decide that - since I cannot be sure that the OP 
meets my own standards for authentication - that I will blacklist the 
user. But this is blacklisting the *user*, not their *OP* - once 
their OP vouches for them, I say "Okay you have proven to be the one 
I am blacklisting, now you know that you *are* being blacklisted."

To determine my standards for authentication I have to ask what 
matters to me. In this case, that only one real person will be 
accessing the site through a single OpenID Identity - so, the OP has 
to be reliable for preventing all other users from logging in. This 
is where it begins to generate feedback into identity; if I do not 
*trust* the OP to take reasonable measures in preventing others from 
logging in, I must assume that the *identity* of the user vouched for 
by that OP is potentially any *other* user. At this point, to protect 
the elevated privileges of the user (possibly including their 
privacy, if they can access their personal details through their 
account with my site!), I must downgrade their access to "every user" 
instead of "this particular user".

An excellent example of this would be the server at 
www.jkg.in/openid/*, which does not perform ANY authentication before 
vouching for the user. Interestingly, this site allows me to offer 
authentication-less "groups" with OpenID, to give people an idea for 
how it works (*without* having to sign up anywhere) and let them 
access particular areas of the site; for instance, a note on the 
front page might say "log in as www.jkg.in/openid/press" for media 
information.

Of course sometimes blacklisting is meant to apply to users, not 
OP's, but I don't think we have much to worry about if blacklists 
ignore OP's. It might affect users on a large scale if, say, all AOL 
users were banned, but that's been done before :)

-Shade