<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Peter Watkins:
<blockquote cite="mid:20080420201134.A7523@gwyn.tux.org" type="cite">
<pre wrap="">On Sun, Apr 20, 2008 at 08:21:25AM -0700, larry drebes wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Peter,
The tools is configurable from the idselector.com site. Yes, you can
create a custom list of OP's, it's an easy drag & drop interface, check it
out. Feedback on additional customizations is welcome.
Just to state the obvious, The mission of the idselector is not to gather a
bunch of data for Janrain so that it can be exploited or abused. We talked
to many RP's & OP's in the last weeks to make sure it was a neutral
offering. We have added the same level of security around idselector as our
myopenid OP. It's one of the few widgets on the internet that loads
entirely over ssl. We see the widget as an ecosystem enabler, just as our
opensource libraries are.
larry-
</pre>
</blockquote>
<pre wrap=""><!---->
Thanks for the clarification. Loading over https is immaterial -- the privacy,
security, and availability concerns remain. I'm not sure why you seem drawn
to the remote scripting model, as opposed to offering a link or attribution
model that would resolve all social and technical concerns about idselector
*and* reduce your infrastructure costs, but I don't want to drag this out.
I think I've made clear already for whatever it's worth that
1) As an admin, I'd never use a remote scripting service like this.
2) I think wide adoption of idselector could adversely affect OpenID's uptake
given the intrinsic privacy problems with your model. As Thomas said,
your model goes far beyond any regular OpenID "nature of the beast" concerns.
I do think something like ideslector is a good idea. As I said earlier, I'd been
thinking about this sort of thing for making it easier for regular AOL and Yahoo!
users to use OpenID on the sites I'm responsible for. I can only hope that your
remote scripting model "fails in the marketplace" as we Yanks like to say. No malice
intended, I just think hosting the resources outside the RPs is the wrong approach.
Not trying to be sarcasatic at all -- it does look quite nice.
</pre>
</blockquote>
<br>
I too think it does look quite nice. I'm not sure what Larry's
intentions really are, but for many it doesn't matter where it's hosted
and therefore provides an excellent service. For others there might be
an option to download an archive and serve it locally? I think that
would be the killer app for all OpenID RP implementations and would
provide a familiar face for future common login facilities....<br>
<br>
Larry, do you have such intentions?<br>
<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>