[OpenID] Correlating Identifiers (was: OpenID based on email addresses... Just Works!)

[Nate Klingenstein]

Nat,

I agree, and I'm glad you highlighted this.  Privacy also pertains  
strongly to other attributes.  I think consistent use of AX as a  
transport protocol makes it much easier for sites to give proper  
privacy options to users.

Separately, persistent opaque identifiers are a really good thing,  
especially when unique to a particular RP/SP.  When Yahoo first made  
the decision to use them as the default in their implementation, I  
was worried that most of their applications, users, and developers  
would be baffled, and didn't know why they weren't targeted.  I  
wonder if Allen has any new words of wisdom to share now that he has  
experience with them in practice.

Take care,
Nate.

> Now, IMHO, privacy advocates have much to say on this: correlations.
> So, we should tread carefully in this area, though.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081102/4971dc5e/attachment-0002.htm>