<div dir="ltr">My thoughts exactly. Whitelisting or blacklisting OPs seems like an RP would be constantly chasing ghosts. That is not a maintainable solution for two reasons:<br><br>1. One would need to keep on top of all providers constantly, and be ready to blacklist one that stops complying with the RP's policies. What happens to existing users of that service who use that OP? That's a UX problem.<br>
2. The list of whitelisted/blacklisted providers would vary from one RP to another. This creates inconsistency and would result in a consumer needing to have several OpenIDs, one with each major provider, which more or less defeats the purpose of WebSSO...<br>
<br>As I've said before, the same problem once existed with hosts files and then we got DNS.<br><br>- Brandon<br><br><div class="gmail_quote">On Mon, Oct 20, 2008 at 1:36 PM, Paul Madsen <span dir="ltr"><<a href="mailto:paulmadsen@rogers.com">paulmadsen@rogers.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Peter, how would OpenID keep the user-centric principle (which I believe<br>
for you means allowing the user's choice for an OP trump that of RPs?)<br>
in 'some or other form'?<br>
<br>
It seems a binary issue, i.e. an RP either has a whitelist (implying<br>
that the user must pick OPs from within if they want to authenticate<br>
that route) or doesn't (implying that the user is not constrained in their<br>
OP choice)<br>
<br>
Is there some meaningful middle ground?<br>
<br>
For the RP to base its decision on something more dynamic like OP<br>
reputation is more flexible, but it still means eventually the RP will<br>
have to say 'no' to some User when they present their OP.<br>
<br>
paul<br>
<div><div></div><div class="Wj3C7c"><br>
Peter Williams wrote:<br>
> This is what the openid vs saml issue is really all about. If openid loses its uci roots, there is really no reason for openid to exist in my views. If it keeps uci at least in some or other strong form, it's made a big difference.<br>
><br>
> Saml is about banks and ttp culture.<br>
> Openid is about people (versus people as mere "users" of such as ttp banks).<br>
><br>
> Of course, both sets of bits and bytes can easily actually address the other's communities. But that's not the point.<br>
><br>
> -----Original Message-----<br>
> From: Martin Atkins <<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>><br>
> Sent: Sunday, October 19, 2008 11:45 PM<br>
><br>
> To be honest, I don't<br>
> care what my bank trusts. I care what I trust.<br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
><br>
><br>
<br>
</div></div><font color="#888888">--<br>
Paul Madsen e:paulmadsen @ <a href="http://ntt-at.com" target="_blank">ntt-at.com</a><br>
NTT p:613-482-0432<br>
m:613-282-8647<br>
aim:PaulMdsn5<br>
web:<a href="http://connectid.blogspot.com" target="_blank">connectid.blogspot.com</a><br>
</font><div><div></div><div class="Wj3C7c"><br>
</div></div></blockquote></div><br></div>