[OpenID] Banking and OpenID (was: Widgets and other aggregation)

SitG Admin sysadmin at shadowsinthegarden.com
Wed Jan 28 05:38:53 UTC 2009


>I actually don't think my bank website needs to be *that* secure.

Login is the wrong place to look for banks (and many other 
institutions), as far as I'm concerned. We *should* be asking "Why 
does our information NEED to be online like that, if/when we don't 
even use the internet?", and challenging data repositories to take 
better care of safeguarding our data. To mix our metaphors, why 
should the bank be allowed to force me to keep all my money under a 
mattress, protected only by the locks on my doors and windows, when 
we have these nifty things called "vaults" (located, conveniently
enough, in the aforementioned "banks") to keep it in instead? I think 
the bank would rebel at taking liability for money stolen from under 
my mattress when they already provide a vault for them to keep their 
eyes on - one centralized secure location, rather than a mattress for 
every user.

>At the end of the day, I feel like you're making the argument that
>says, "Hey, MultiAuth is maybe 100% better than SingleAuth, but it's 
>not perfect, so let's not do it".

There are some sites for which SingleAuth would be unacceptable, I 
think; whether MultiAuth would be acceptable seems like something 
that would depend more upon politics and/or the law than on the 
technology involved. I'm also thinking that, if the user is already 
remembering two or more passwords for their MultiAuth OPs, what's
one more for the bank?

-Shade


