[OpenID] Combining Google & Yahoo user experience research
Praveen Alavilli
AlavilliPraveen at aol.com
Mon Oct 20 15:27:42 UTC 2008
Well typical end users trust what their bank trusts - isn't it ? The
market hasn't changed (well may be for technologists like us but not for
end users) - unless we deal with it, I don't think any end user would go
to their bank and say "you have to accept my OpenID from xyz provider".
Are the users ready to use the same key to open their bank locker, home,
car and mail box ?
Anyway I think I am going tangential. I think the point I was trying to
make in my previous mail is, yes the user might be able to establish
trust with RP and OP separately by himself, but to close the love
triangle, the OP and RP must trust each other in one way or other. You
could argue that they must do it just because the user chose so - but
the users are not always smart.
- Praveen
Martin Atkins wrote:
> alavillipraveen at aol.com wrote:
>
>> that's because you (a human being) trusted the bank website and chose
>> to give away your PII. But when the bank gets a request from an OP that
>> says www.i_am_the_most_secure_openid_provider.com, saying yes this is
>> Brandon, how can the bank trust it ?
>>
>
> Isn't it more important that you (a human being) trust both the bank and
> the OP? My bank trusting a particular OpenID provider doesn't really
> help me in any way if I don't trust it myself. To be honest, I don't
> care what my bank trusts. I care what I trust.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
More information about the general
mailing list