[OpenID] Correlating Identifiers
Nat Sakimura
n-sakimura at nri.co.jp
Thu Nov 6 10:53:44 UTC 2008

The current implementation that we are doing allows the user to choose
non-correlating OpenIDs and correlating OpenIDs depending on the sites.
I believe that is the way it should be.

=nat

Christian Scholz / Tao Takashi (SL) wrote:
> Hi!
>
> On Thu, Nov 6, 2008 at 1:06 AM, Allen Tom <atom at yahoo-inc.com> wrote:
>
>> Hi Nate -
>>
>> By default, Yahoo users get a single machine generated OpenID identifier
>> which is used at all RPs that the user signs into. Because the identifier is
>> not unique to the RP, the user can be identified across multiple sites.
>>
>> Prior to launching our OpenID service, Yahoo's policy with our proprietary
>> SSO service was to issue RP-specific identifiers to prevent RPs from sharing
>> data about the user and correlating user behavior across different sites.
>>
>> Based on our discussions with the OpenID community, we concluded that the
>> spirit of OpenID is to allow a user to reuse the same identity across the
>> net, which implied that we should not vary the identifier that is returned
>> to RPs. We believe that there is value in having an identifier with a
>> reputation attached to it, and that in the future, RPs may be able to take
>> the user's reputation into account to optimize the content and services
>> given to first time visitors.
>>
>
> We had this discussion quite a bit on the DataPortability chat a while
> back and I wonder if that's really working for everybody as maybe some
> people don't want to be aggregated into a single identity. I might
> want a different profile on different sites and those sites not to be
> able to aggregate it. So basically let the user decide.
>
> But then again it depends on your provider if you can e.g. use
> "yahoo.com" and not some personal identifier which then the site would
> have anyway. So maybe this problem is one step before OpenID and some
> service could allow you to attach different OpenIDs to the same set of
> profiles you usually choose from (so the data for you at least is
> still aggregated and centrally editable).
>
> Just a thought.
>
> -- Christian
>
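
The per-site choice between correlating and non-correlating identifiers discussed in this thread, sketched from the OP side as an added example; it is not code from the list, Yahoo, or NRI. The HMAC derivation, the key, the `op.example` namespace and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values; a real OP would load the key from a secret store.
OP_SECRET = b"constructed-demo-key-not-for-production"
OP_BASE = "https://op.example/id/"  # hypothetical OP identifier namespace


def normalize_realm(realm: str) -> str:
    """Reduce an RP realm or return_to URL to scheme://host[:port] so that
    every page of one RP maps to the same pairwise identifier."""
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unusable realm: {realm!r}")
    host = parts.hostname  # already lower-cased by urlsplit
    if host.startswith("*."):  # OpenID realms may carry a wildcard label
        host = host[2:]
    default_port = {"http": 80, "https": 443}[parts.scheme]
    netloc = host if parts.port in (None, default_port) else f"{host}:{parts.port}"
    return f"{parts.scheme}://{netloc}"


def _tag(message: bytes) -> str:
    # Keyed hash: without OP_SECRET an RP cannot recompute or invert the value.
    return hmac.new(OP_SECRET, message, hashlib.sha256).hexdigest()[:32]


def pairwise_identifier(local_user: str, realm: str) -> str:
    """Non-correlating: stable per (user, RP), different at every RP."""
    return OP_BASE + _tag(normalize_realm(realm).encode() + b"\x00" + local_user.encode())


def global_identifier(local_user: str) -> str:
    """Correlating: one machine-generated identifier returned to all RPs."""
    return OP_BASE + _tag(b"global\x00" + local_user.encode())


def issue_identifier(local_user: str, realm: str, correlate: bool) -> str:
    """Apply the user's per-site choice when answering an RP."""
    if correlate:
        return global_identifier(local_user)
    return pairwise_identifier(local_user, realm)
```

Two RPs that compare the pairwise values they received for the same user find no match, while the OP can still recompute either value from its own records.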