[OpenID] Fwd: [OpenID Foundation] New Poll Opened
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Mar 23 01:55:45 UTC 2009
>And to be fair, it was and still is the mega-OP with openid2
>capabilities that drives our commercial interest (seeing as they can
>nowhandle the ~6 million accounts of users who occasionally come to
>our site, now to authenticate using websso - or "identity
>verification").
Recalling the "post office to make identity unique and verifiable"
posts we made back in December:
http://openid.net/pipermail/general/2008-December/007046.html
http://openid.net/pipermail/general/2008-December/007048.html
It's not a question of who IS trustworthy; with that much power in
the hands of any one (centralized) authority, even when corruption is
not imaginable, it would become too tempting a target for outside
criminals to compromise. Security would go up to protect the system
from that, and the end users would be inconvenienced (maybe even have
to pay more, subsidizing the costs) for a feature they might not be
using!
Then again, can't we send registered mail nowadays and only pay for
that level of security when we want it?
Perhaps a better approach, here, would be (for the larger OP's) to
rebrand OpenID - as CorpID ;) (for Corporate) or FedID
(Federated/Federal) - naming its suitability of purpose. The same
underlying technology, but users who want their "OpenID" could be
given a clearly different set of information about its implications
(and concerned OP's might insist that users select a "disposable"
password for their phishable OpenID), not easily confused for the
reliable ID.
-Shade
More information about the general
mailing list