[OpenID] Directed Identity vs. "what the user typed"
Martin Atkins
mart at degeneration.co.uk
Mon Mar 23 19:02:38 UTC 2009
SitG Admin wrote:
>
> "You typed in '=arnott', but your OP claims that your OpenID is
> '=!30ds!30df!30df!30df'. Did you want to log in with that Identity anyway?"
>
Yes, I see this as a problem with XRI too, and I agree that it's a good
analogy for the email-addresses-as-identifiers effort.
With identity and security, it's important to be as transparent and
obvious as possible. In the OpenID model where users are expected to be
the primary caretakers of their own identities, it's important that
users have the correct mental model for what's going on even if they
don't understand the technical details.
XRI is deliberately designed to mislead the user about what he is
logging in as, which I would consider to be a misfeature.
More information about the general
mailing list