[OpenID] EU regulators call for tighter privacy provisions onOpenID, Facebook (U)

Fri Jun 19 02:58:18 UTC 2009

I thought Google's idea of tying the id to an RP was strange. But considering
all this it makes sense.

Peter Williams wrote:
> 
> 
> The (painful) description sounds like the SAML2 websso's "transient"
> identifier - a notion that doesn't exist in openid. Each identifier
> released about you from an OP is distinct, so one cannot tell as an RP
> that the same user commanded some or other action at the RP. An OP may or
> may not be able to hold your accountable tho, despite the id firewall.
> 
> ________________________________________
> From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of
> Dickover, Noel, CTR, NII/DoD-CIO [Noel.Dickover.ctr at osd.mil]
> Sent: Thursday, June 18, 2009 7:37 PM
> To: Allen Tom; OpenID List
> Cc: Noel Dickover
> Subject: Re: [OpenID] EU regulators call for tighter privacy    provisions     
> onOpenID, Facebook (U)
> 
> UNCLASSIFIED
> 
> Hi Tom,
> 
> Just to clarify, if you are referring to the second bullet titled "Use of
> External OpenID Providers to use Multiple Identites when participating in
> Open Govt Conversations", what I was referring to there wasn't using
> multiple email addresses, but that a different URI would be given with
> each
> post command.  The difference I was trying to get at, and I fully admit I
> might have the right verbiage here, is that the user should have the
> option
> of either stringing a series of post commands to appear to be from the
> same
> user OR to have those series of post commands to have no ties to one
> another, other than that they originate from the same Identity Provider,
> like Yahoo.com, for instance.  I wasn't advocating multiple email
> addresses.
> 
> If there is a better way to say this, especially one which will resonate
> to
> those unfamiliar with OpenID, give me the right words.
> 
> Best,
> 
> Noel
> 
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Allen Tom
> Sent: Thursday, June 18, 2009 8:48 PM
> To: Dickover, Noel, CTR, NII/DoD-CIO; OpenID List
> Cc: Noel Dickover
> Subject: Re: [OpenID] EU regulators call for tighter privacy provisions
> onOpenID, Facebook (U)
> 
> Hi Noel,
> 
> Thanks for sending the link to your blog post.
> 
> Given that many people already have multiple email addresses for different
> uses and personas, is it really necessary for OpenID Providers to give
> users
> the option of using different OpenIDs when using the same account to sign
> into different websties?
> 
> Users who already understand the concept of having multiple accounts for
> different purposes can just use different accounts for each persona
> (perhaps
> even using different OPs). OpenID enabled accounts are freely and easily
> available from many major identity providers, and encouraging users who do
> not want their identities correlated across multiple websites to just use
> a
> different account is probably a lot safer from a security and privacy
> perspective than expecting users to use a single account with a single OP,
> with multiple OpenIDs.
> 
> Allen
> 
> 
> 
> Dickover, Noel, CTR, NII/DoD-CIO wrote:
>> I wrote a blog post on my thoughts for Privacy as it affects Open
>> Government initiatives, and how OpenID could potentially help in the
>> future.  They liked it enough that they asked to repost it on the
>> PrivacyDC blog.  The link is here if anyone wants to give me some
>> thoughts on it:
>>
>> http://privacycamp.wordpress.com/2009/06/16/gov2-0-privacy-issues-for-
>> pr
>> ivacycampdc/
>>
>>
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 

-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/EU-regulators-call-for-tighter-privacy-provisions-on-OpenID%2C-Facebook-tp24102174p24104752.html
Sent from the OpenID - General mailing list archive at Nabble.com.