[OpenID] Combining Google & Yahoo user experience research
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Oct 20 19:14:08 UTC 2008
>Well if the bank can't trust your openid provider (which from their
>perspective is an arbitrary OP), then why should they assume the risk
>of supporting it?
Is there a risk from supporting it?
>The bank has to protect itself and frankly *they* don't care who you
>trust.
Do we care who the bank trusts?
What if the bank were to say "If you use *our* (bank-trusted) IDP
*we* assume liability, but if you want to use any other than our
liability is limited."? (Perhaps coupled with a limit on transactions
conducted with that "less bank-trusted" IDP?)
-Shade
More information about the general
mailing list