[OpenID] Widgets and other aggregation
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Jan 27 23:04:59 UTC 2009
To clarify:
"donning my RP hat I want OP's to make it clear to me what they are
doing, one way or another, so I can either reply with the raw data
(relieving an OP the burden of having to filter out *my* formatting)
or send an HTML-formatted page (assuming "end-user"), but from an
OP's perspective I can see where this kind of discrimination could be
abused and there might be a desire to avoid this kind of abuse."
Abuse in the sense of "giving less information, or less accurate
information, to some (preferred) partners than others". In the
non-generic "me" perspective, ALL partners (OP's) are treated equally
- they don't get ANY information their user is authorized to have.
Shouldn't, but can, since the technology enables this per the current
methods. It would be nice if OpenID could compete in the SSO market
on the basis of NOT giving user-designated (but effectively
arbitrary, to permit the user's *independence*) 3rd parties the means
(to go with their motive) to impersonate the user and essentially be
a MITM for that user's data.
-Shade
More information about the general
mailing list