>> <span class="Apple-style-span" style="border-collapse: collapse; ">I believe that Google is returning unique identifiers for each RP that the user signs into, which is different than Yahoo's implementation. However, Google is sharing the user's email address which arguably is better suited for identity consolidation/correlation compared to an OpenID URL.</span><div>
<span class="Apple-style-span" style="border-collapse: collapse;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse;">Allen is correct. Our new OpenID IDP returns identifiers that are unique per RP. However our Blogger IDP still returns the same URL to each RP, i.e. the URL of the person's blog.<br>
</span><br><div class="gmail_quote">On Wed, Nov 5, 2008 at 5:06 PM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
Hi Nate - <br>
<br>
By default, Yahoo users get a single machine generated OpenID
identifier which is used at all RPs that the user signs into. Because
the identifier is not unique to the RP, the user can be identified
across multiple sites.<br>
<br>
Prior to launching our OpenID service, Yahoo's policy with our
proprietary SSO service was to issue RP-specific identifiers to prevent
RPs from sharing data about the user and correlating user behavior
across different sites.<br>
<br>
Based on our discussions with the OpenID community, we concluded that
the spirit of OpenID is to allow a user to reuse the same identity
across the net, which implied that we should not vary the identifier
that is returned to RPs. We believe that there is value in having an
identifier with a reputation attached to it, and that in the future,
RPs may be able to take the user's reputation into account to optimize
the content and services given to first time visitors.<br>
<br>
I believe that Google is returning unique identifiers for each RP that
the user signs into, which is different than Yahoo's implementation.
However, Google is sharing the user's email address which arguably is
better suited for identity consolidation/correlation compared to an
OpenID URL.<br>
<br>
Allen<br>
<br>
<br>
Nate Klingenstein wrote:
<blockquote type="cite">Nat,
<div><br>
</div>
<div>I agree, and I'm glad you highlighted this. Privacy also
pertains strongly to other attributes. I think consistent use of AX as
a transport protocol makes it much easier for sites to give proper
privacy options to users.</div>
<div><br>
</div>
<div>Separately, persistent opaque identifiers are a really good
thing, especially when unique to a particular RP/SP. When Yahoo first
made the decision to use them as the default in their implementation, I
was worried that most of their applications, users, and developers
would be baffled, and didn't know why they weren't targeted. I wonder
if Allen has any new words of wisdom to share now that he has
experience with them in practice.</div>
<div><br>
</div>
<div>Take care,</div>
<div>Nate.</div>
<div>
<div><br>
<blockquote type="cite"><span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<div>Now, IMHO, privacy advocates have much to say on this:
correlations. </div>
<div>So, we should tread carefully in this area, though. </div>
</span></blockquote>
</div>
<br>
</div>
<pre><hr size="4" width="90%">_______________________________________________
general mailing list
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br></div>