Peter,<br>The tools is configurable from the <a href="http://idselector.com">idselector.com</a> site. Yes, you can create a custom list of OP's, it's an easy drag & drop interface, check it out. Feedback on additional customizations is welcome.<br>
<br>Just to state the obvious, The mission of the idselector is not to gather a bunch of data for Janrain so that it can be exploited or abused. We talked to many RP's & OP's in the last weeks to make sure it was a neutral offering. We have added the same level of security around idselector as our myopenid OP. It's one of the few widgets on the internet that loads entirely over ssl. We see the widget as an ecosystem enabler, just as our opensource libraries are. <br>
<br>larry-<br><br><div class="gmail_quote">On Sun, Apr 20, 2008 at 7:49 AM, Peter Watkins <<a href="mailto:peterw@tux.org">peterw@tux.org</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Sun, Apr 20, 2008 at 06:32:43AM -0700, larry drebes wrote:<br>
> Max,<br>
> The primary goal is to make is to improve the end-user experience for<br>
> OpenID. There is a large user education problem that is throttling OpenID<br>
> growth. We were also trying to make it simple for the RP, and neutral for<br>
> the OPs.<br>
><br>
> The javascript attaches to an existing OpenID login form. In the (rare)<br>
> case the javascript could not load from the (high available) idselector<br>
> server, the form will continue to work, just with out a default value.<br>
><br>
> larry-<br>
<br>
</div>So that's "no" to making the code available for "local" OP installs?<br>
<br>
As a site admin & developer, that's disappointing. Not terrible -- we<br>
can always roll our own as I'd imagined anyway (which would also allow<br>
us complete control over what OPs to list/suggest).<br>
<br>
As a user, I think there's a privacy danger inherent in your current model<br>
that folks should think about. The 3rd-party widget approach means that<br>
idselector could amass information about where & when individual users hit<br>
OpenID login pages. And it means iselector can learn what identities<br>
individual users attempt to claim. It's not just a single point of failure,<br>
it's a single point of data funnelling. If many RPs chose to use something<br>
like this, it could undermine the privacy benefits of the otherwise very<br>
decentralized/federated OP/RP model -- think doubleclick for OpenID.<br>
<font color="#888888"><br>
-Peter<br>
<br>
</font></blockquote></div><br>