[OpenID] Combining Google & Yahoo user experience research
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Oct 20 16:34:52 UTC 2008
At 12:28 PM -0400 10/19/08, Brandon Ramirez wrote:
>When a person identifies themselves, we need some element of trust
>(if we're in person and we've met them before, our memory provides
>that trust, if not, a photo ID , etc.).
What is our memory recalling? Not trust, but an assurance that the
face we're seeing now is a face we've seen before (associated with
that identity). What is the photo ID providing? Not trust, but an
assertion that it represents the trust someone else has placed in
that face going with that identity. Neither of these offer ANY
protection against someone imitating the face. Where is the trust
here?
At 12:45 PM -0400 10/19/08, Brandon Ramirez wrote:
>So it's great security if you need very little security?
It would be ironic if the steadily reducing levels of security in
modern banking (and other areas where transactions of "real" value
take place) suddenly thrust OpenID into the spotlight when everything
else dropped *below* its level :D
At 11:38 PM -0400 10/19/08, Brandon Ramirez wrote:
>Financial transactions needs to actually authenticate a living
>person, and that is impossible to do without an established trust
>model.
How do trust models *become* established? I mean, at some point, each
of them must have been *not* established, right? They didn't exist
from the dawn of all time ;)
-Shade
More information about the general
mailing list