[OpenID] Combining Google & Yahoo user experience research

Paul Madsen paulmadsen at rogers.com
Mon Oct 20 18:36:53 UTC 2008 

Thanks, OpenID's delegation mechanism is undeniably powerful (not sure I 
see the connection to SAML affiliations though?).

But the enhanced ability to switch IDPs isn't the 'user empowering 
aspect' of OpenID I was asking about - rather the hardline view that a 
User's choice of OP takes complete priority over whatever the RP might 
think about the matter.

Is an RP ever declining a user specified OP compatible with your view 
(at least my interpretation of) of user-centric?

paul

Peter Williams wrote:
> The direct analogy here is the (us initiated) number portability issue. Only a few years ago, ttps known as phone companies had an 80year old  leverage over you when considering whether to swap to a better cell/mobile carrier: you lost your phone number upon switching vendor. Recovery from that loss - in your phone-based social network - was a real hassle.
>
> Uci/openid is FOR number portability where traditional saml is not. (metaphor, note). Loss of an idp account is a indirect control signal to rps in the saml world: its an irrelevancy in the uci world which denies ops any "controlling" role.
>
> Of course the phone companies can still ultimately  get together and deny you any binding to the public space as you float your consistent number between carriers, if all you are doing is spewing unrepentant hate etc.  Such has to be true for the mainstream consumers/sps.
>
> Saml's ability to create "formal affliations of SPs/spokes" is probably the 'middle ground' between absolute uci and total ttp (aka crypto anarchy vs big brother). Not a trust model, openid might learn to value what an sp affiliation does, and build on it in openid auth proper, just as its starting to do in openid ax update.
>
> -----Original Message-----
> From: Paul Madsen <paulmadsen at rogers.com>
> Sent: Monday, October 20, 2008 10:36 AM
> To: Peter Williams <pwilliams at rapattoni.com>
> Cc: general at openid.net <general at openid.net>
> Subject: Re: [OpenID] Combining Google & Yahoo user experience research
>
>
> Peter, how would OpenID keep the user-centric principle (which I believe
> for you means allowing the user's choice for an OP trump that of RPs?)
> in 'some or other form'?
>
> It seems a binary issue, i.e. an RP either has a whitelist (implying
> that the user must pick OPs from within if they want to authenticate
> that route or doesnt (implying that the user is not constrained in their
> OP choice)
>
> Is there some meaningful middle ground?
>
> For the RP to base it's decision on something more dynamic like OP
> reputation is more flexible, but it still means eventually the RP will
> have to say 'no' to some User when they present their OP.
>
> paul
>
> Peter Williams wrote:
>   
>> This is what the openid vs saml issue is really all about. If openid loses its uci roots, there is really no reason for openid to exist in my views. If it keeps uci at least in some or other strong form, its made a big difference.
>>
>> Saml is about banks and ttp culture.
>> Openid is about people (versus people as mere  "users" of such as ttp banks).
>>
>> Of course, both sets of bits and bytes can easily actually address the other's communities. But thats not the point.
>>
>> -----Original Message-----
>> From: Martin Atkins <mart at degeneration.co.uk>
>> Sent: Sunday, October 19, 2008 11:45 PM
>>
>> To be honest, I don't
>> care what my bank trusts. I care what I trust.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>>
>>
>>     
>
> --
> Paul Madsen             e:paulmadsen @ ntt-at.com
> NTT                     p:613-482-0432
>                         m:613-282-8647
>                         aim:PaulMdsn5
>                         web:connectid.blogspot.com
>
>
>
>   

-- 
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-282-8647
                        aim:PaulMdsn5
                        web:connectid.blogspot.com

More information about the general mailing list