[OpenID] Combining Google & Yahoo user experience research
Brandon Ramirez
brandon.s.ramirez at gmail.com
Mon Oct 20 15:28:16 UTC 2008
Well if the bank can't trust your openid provider (which from their
perspective is an arbitrary OP), then why should they assume the risk
of supporting it? That's nice that you don't care whom they trust,
but one must consider all stakeholders when deploying technology...
The bank has to protect itself and frankly *they* don't care who you
trust.
Sent from my iPhone
On Oct 20, 2008, at 2:44 AM, Martin Atkins <mart at degeneration.co.uk>
wrote:
> alavillipraveen at aol.com wrote:
>> that's because you (a human being) trusted the bank website and
>> chose to give away your PII. But when the bank gets a request from
>> an OP that says www.i_am_the_most_secure_openid_provider.com,
>> saying yes this is Brandon, how can the bank trust it ?
>
> Isn't it more important that you (a human being) trust both the bank
> and the OP? My bank trusting a particular OpenID provider doesn't
> really help me in any way if I don't trust it myself. To be honest,
> I don't care what my bank trusts. I care what I trust.
>
More information about the general
mailing list