[OpenID] DotNetOpenAuth announces support of the Government profile of OpenID

SitG Admin sysadmin at shadowsinthegarden.com
Thu Sep 10 06:02:37 UTC 2009


>It instantly struck me as an odd concern, this "paranoia" when 
>forcing users to communicate through an OP that probably required a 
>LOT of PII from the user (and may provide it to "the government" 
>upon request).
>
>When I used "paranoid" it wasn't intended as a derogatory term, but 
>rather just the level of urgency with which they considered privacy.

I hadn't thought it was, just the irony of being so committed to it 
in one respect while ignoring a classic attack in another.

>assuming the OP doesn't store the generated claimed_ids,

That's kind of the problem right there, yes. Why place major 
corporations in a trusted position when UCI ought to let *users* 
speak as to who *they* consider trustworthy for privacy? I mean, 
*whose* privacy is at risk here?

>>Does the profile permit multi-user OP's to make assertions about 
>>users for whom they have NOT collected any PII?
>
>The profile makes no restrictions whatsoever (at least when I last 
>read an earlier draft) regarding what cares the OP has taken to 
>identify the user if I read it correctly.

Ahh . . . *blink* I can get certified if my OP indiscriminately 
approves *everyone* who tries using it? Or did you mean what cares 
the OP takes to correlate the user's information with external 
sources?

-Shade may be reading this too late at night