<html><body bgcolor="#FFFFFF"><div>True, I am making assumptions by putting myself in their shoes. I too would like to hear from some of these folks. Each bank re-inventing the wheel doesn't seem to make a lot of sense, but neither does a federated solution.<br><br>Sent from my iPhone</div><div><br>On Oct 20, 2008, at 1:47 PM, "Chris Messina" <<a href="mailto:chris.messina@gmail.com">chris.messina@gmail.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>I'd be interested in hearing from banks on this actually.<div><br></div><div>I personally don't know what banks or bank folks think, and would be curious to know how they're internally thinking about dealing with these issues.</div>
<div><br></div><div>Chris<br><br><div class="gmail_quote">On Mon, Oct 20, 2008 at 8:28 AM, Brandon Ramirez <span dir="ltr"><<a href="mailto:brandon.s.ramirez@gmail.com"><a href="mailto:brandon.s.ramirez@gmail.com">brandon.s.ramirez@gmail.com</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Well if the bank can't trust your openid provider (which from their<br>
perspective is an arbitrary OP), then why should they assume the risk<br>
of supporting it? That's nice that you don't care whom they trust,<br>
but one must consider all stakeholders when deploying technology...<br>
The bank has to protect itself and frankly *they* don't care who you<br>
trust.<br>
<br>
Sent from my iPhone<br>
<br>
On Oct 20, 2008, at 2:44 AM, Martin Atkins <<a href="mailto:mart@degeneration.co.uk"><a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a></a>><br>
wrote:<br>
<div><div></div><div class="Wj3C7c"><br>
> <a href="mailto:alavillipraveen@aol.com"><a href="mailto:alavillipraveen@aol.com">alavillipraveen@aol.com</a></a> wrote:<br>
>> that's because you (a human being) trusted the bank website and<br>
>> chose to give away your PII. But when the bank gets a request from<br>
>> an OP that says <a href="http://www.i_am_the_most_secure_openid_provider.com" target="_blank"><a href="http://www.i">www.i</a>_am_the_most_secure_openid_provider.com</a>,<br>
>> saying yes this is Brandon, how can the bank trust it ?<br>
><br>
> Isn't it more important that you (a human being) trust both the bank<br>
> and the OP? My bank trusting a particular OpenID provider doesn't<br>
> really help me in any way if I don't trust it myself. To be honest,<br>
> I don't care what my bank trusts. I care what I trust.<br>
><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net"><a href="mailto:general@openid.net">general@openid.net</a></a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank"><a href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a></a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Technology Advocate-at-Large<br><a href="http://factoryjoe.com">factoryjoe.com</a> # <a href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a href="http://vidoop.com">vidoop.com</a><br>This email is: [ ] bloggable [X] ask first [ ] private<br>
</div>
</div></blockquote></body></html>