[OpenID] Combining Google & Yahoo user experience research

Mon Oct 20 17:47:15 UTC 2008

I'd be interested in hearing from banks on this actually.
I personally don't know what banks or bank folks think, and would be curious
to know how they're internally thinking about dealing with these issues.

Chris

On Mon, Oct 20, 2008 at 8:28 AM, Brandon Ramirez <
brandon.s.ramirez at gmail.com> wrote:

> Well if the bank can't trust your openid provider (which from their
> perspective is an arbitrary OP), then why should they assume the risk
> of supporting it?  That's nice that you don't care whom they trust,
> but one must consider all stakeholders when deploying technology...
> The bank has to protect itself and frankly *they* don't care who you
> trust.
>
> Sent from my iPhone
>
> On Oct 20, 2008, at 2:44 AM, Martin Atkins <mart at degeneration.co.uk>
> wrote:
>
> > alavillipraveen at aol.com wrote:
> >>  that's because you (a human being) trusted the bank website and
> >> chose to give away your PII. But when the bank gets a request from
> >> an OP that says www.i_am_the_most_secure_openid_provider.com,
> >> saying yes this is Brandon, how can the bank trust it ?
> >
> > Isn't it more important that you (a human being) trust both the bank
> > and the OP? My bank trusting a particular OpenID provider doesn't
> > really help me in any way if I don't trust it myself. To be honest,
> > I don't care what my bank trusts. I care what I trust.
> >
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>

-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081020/31e6e069/attachment-0002.htm>