[OpenID] Widgets and other aggregation
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Jan 28 01:17:37 UTC 2009
>>>Any other RPs (like the Bank RP) would require MultiAuth,
>>>preventing the OP from getting bank info without the user's
>>>consent.
>>
>>Making it more difficult; requiring collaboration, and (if it came
>>to legal action) even conspiracy ;)
>
>Not sure I follow here, especially the part about conspiracy.

It would still technically be possible for the OP to get bank info
without the user's consent, it would just be more difficult since
they would need to enlist the aid of another OP (trusting that the OP
wouldn't just turn them in for attempting it). I wouldn't be
surprised if banks adopted OpenID as a gateway to other
authentication measures, and then STILL required a password (outside
of OpenID) from the user. It would reduce the SSO benefits (but not
eliminate them entirely, if the user visited other sites that didn't
require such security levels), pending of course any future updates
to OpenID which might eventually remove this risk, thus permitting
the banks to remove that requirement.

When money is involved (especially LOTS of money), people can be
crazy. We're not talking about a user feature, here - we're talking
about an OP that thinks "Hey, lots of people are using me to vouch
for their identity at the bank website, and this hasn't mattered to
me before, but this fellow here is RICH, so it may be worth going to
jail on the off chance that *one* of the employees at their other
OPs can be bribed with a share of the spoils - which is still
plenty, even after I give them all *their* cut - into making an
exception to SOP this once."

If it's just one person taking advantage of an opportunity afforded
to them by their position, it's fraud. But if you have *multiple*
people combining their influence to deliberately commit fraud, you
may be looking at some conspiracy charges, there, too :(

-Shade