[OpenID] Proxying (with OpenSocial) through experimental.openid.net to promote OpenID
David Recordon
david at sixapart.com
Mon Aug 10 17:31:11 UTC 2009
While this idea isn't brand new – Simon Willison ran idproxy.net for a
few years that turned Yahoo! accounts into OpenIDs – I don't think it
is a viable long term solution. Rather, usage of this sort of
proxying shows a userbase's desire to have their accounts OpenID
enabled to log in elsewhere.
I would never want to see the OpenID Foundation run an OpenID Provider/
Proxy for wide usage. We should instead be creating a healthy
ecosystem with plenty of providers and consumers.
--David
On Aug 9, 2009, at 9:55 PM, SitG Admin wrote:
>> What don't you like?
>
> The centralization. It would make the OIDF's servers an appealing
> target to those looking for Identity correlation.
>
> I've thought about it some more, though. It seems to me that the
> opening here is only for OpenSocial sites where OpenID is impossible
> (even by delegation), and the OIDF wouldn't be seeing the user's
> activity from actual OP's, so attackers could only correlate
> Identities from experimental sites the user was playing with (unless
> they had logins with their own services, but that doesn't add much
> to the OIDF's potential database). Furthermore,
> experimental.openid.net really ought to be using SSL, so a savvy
> user could easily bounce their (encrypted) connection around a proxy
> or few before connecting, confusing even further the server's idea
> of who a user was (and, its ability to associate them with any other
> login). Relying on the average user to figure out proxies, though,
> seems a bit much. Challenging them to follow a tutorial would chill
> adoption, so perhaps just a warning (and maybe link to some stories
> explaining what might happen).
>
> -Shade
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
More information about the general
mailing list