[OpenID] Combining Google & Yahoo user experience research

SitG Admin sysadmin at shadowsinthegarden.com
Mon Oct 20 19:14:08 UTC 2008


>Well if the bank can't trust your openid provider (which from their
>perspective is an arbitrary OP), then why should they assume the risk
>of supporting it?

Is there a risk from supporting it?

>The bank has to protect itself and frankly *they* don't care who you
>trust.

Do we care who the bank trusts?

What if the bank were to say "If you use *our* (bank-trusted) IDP 
*we* assume liability, but if you want to use any other than our 
liability is limited."? (Perhaps coupled with a limit on transactions 
conducted with that "less bank-trusted" IDP?)

-Shade



More information about the general mailing list