<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:2079093160;
mso-list-type:hybrid;
mso-list-template-ids:1357700468 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hold on. I don’t see what is being specifically cited here
as necessarily a benefit – and certainly not what OpenID is about, in its
baseline assurances. What’s being presented is a value-added service by
an OP that goes beyond OpenID properties –and evidently discloses correlations/datamining
to account holders (and possibly others).<o:p></o:p></span></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal style='border:none;padding:0in'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Mainline site = OP = disqus.com = openid provisioner<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>RP site = change.gov = where citizens leave comments, verified
or not (and verified by any openid1 OP, including disqus.com)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If disqus.com OP is used by user (versus some other OP), a
citizen may optionally visit discus.com (acting as just an value-adding RP of
its own OP service).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The RP discus.org datamines its OP-function logs, and presents a
list of other-RP sites where - in its OP-function – it has previously delivered
verified-openids.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So far, so good – as this is essentially the same as
myopenid, its audit trial, and its configuration of per-RP attribute release
policies.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>------------<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Beyond OpenID compliance, however:-<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>A. However discus.com RP goes one step further in that it appears
to know the specific comment URI for which, earlier, it deliver a verified
openid to a “known” commenting site – an RP in the ‘discus
trust network”, such as change.gov.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>B. Either by dynamic de-reference or by OOB replication, the
discus.com RP aggregates all the comments’ texts associated with a verified
openid and presents them for viewing.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I don’t necessarily like the properties of A and B. And
I don’t like them being labeled an “openID function”<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I want an OP to normally ONLY know that RPx was the recipient of
a verified id. I don’t want it to have the ability to trace/track which _<i>transaction</i>_
on the RP it was applied to (e.g. some specific comment origination). And,
I certainly don’t want it to BY DEFAULT cross-correlate the originated
comments across many RPs.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>For all I know, there could be a deal between RP change.gov and
OP/RP discus.com that allows, under my account’s terms of service,
change.gov to also see some or all of the places where a verified id used on
change.gov…has deposited comments elsewhere.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If I deliver some series of politically-incorrect comments on change.gov
(and get, like Paul Newman, put onto a whitehouse enemies list for simply being
too active, vocal or effective in argument), one can see the FBI or US Secret Service
wanting to EASILY see the list of where else I’ve commented – to assess
the threat level I pose.That threat level would normally be a function of my associations,
which will include being associated with a commenting site …such as
trots.org. I have no doubt discus.com would hand it over this list of
associations in an instant, without informing me - and do that
irrespective of what the terms of service require, under the freedom of contact.<o:p></o:p></span></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal style='border:none;padding:0in'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So, yes, we are clearly rapidly maturing! Evidently, some OPs
are failing to segregate duties. Their opportunity to correlate is being bunded
with identity-verification services. While it being sold as a UCI benefit, in
reality it’s much more likely to be being sold to the RPs, for a backroom
fee. Even if that fee subsidizes valuable end-user services (just as Google’s
adwords correlations-based search revenue subsidizes all the “stuff”
Google deliver “at no cost”), the conflagration of identity
provider and value-added provider is dubious. The OP is no longer a _<i>disinterested</i>_
third party in your actions on the RP site(s).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b>On Behalf Of </b>Chris
Messina<br>
<b>Sent:</b> Friday, November 28, 2008 12:47 PM<br>
<b>To:</b> Sam Alexander<br>
<b>Cc:</b> OpenID List<br>
<b>Subject:</b> Re: [OpenID] OpenID on change.gov<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>To expand on this, the value in the Disqus and IntenseDebate
systems is that a user can sign up for an account on either mainline site
(centrally on <a href="http://disqus.com">disqus.com</a> or <a
href="http://intensedebate.com">intensedebate.com</a>) and then reuse those
accounts elsewhere.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Moreover, by using a verified identifier (without having to
divulge one's password to an untrusted third party site), you can then go back
to the mainline sites to see an aggregated view of the comments you've left on
the sites that support any of these systems.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Of course it requires many sites and commenting forms to
adopt either of these services, but it demonstrates a value of being able to
leave a comment in the wild and then see follow up responses in one place (a
user-centric value-add).<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Chris<o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Nov 27, 2008 at 6:25 PM, Sam Alexander <<a
href="mailto:sam.alexander@vidoop.com">sam.alexander@vidoop.com</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal>Eric, you are confusing adoption and usefulness. While you
are right,<br>
there are probably very few OpenID-backed comments, OpenID's<br>
usefulness is an entirely different question.<br>
<br>
OpenID remains a powerful extension of Identity on the web. While a<br>
common username/email comment adds no RECIPROCAL value to the<br>
commentor, an OpenID comment WOULD. It would allow that comment to be<br>
attributed to a specific, verified URL owner.<br>
<br>
While few of the 3,000 commentors may be aware of this value. The<br>
added value still exists.<br>
<span style='color:#888888'><br>
- Sam Alexander</span><o:p></o:p></p>
<div>
<div>
<p class=MsoNormal><br>
On Nov 27, 2008, at 3:18 PM, Eric Norman <<a
href="mailto:ejnorman@doit.wisc.edu">ejnorman@doit.wisc.edu</a>> wrote:<br>
<br>
><br>
> On Nov 27, 2008, at 4:47 PM, Peter Williams wrote:<br>
><br>
>> Its a request for comments: thats a classical use of openid: and no<br>
>> authority is required to uniquely leave your/a (citable) web id<br>
>> attached to your opinion. Its easy to fllowup with uou, given the<br>
>> inherent linkback to the identity page.<br>
><br>
> It appears that anyone can leave a comment without the OpenID<br>
> stuff or without going through some registration process.<br>
> Furthermore, I doubt if they have either the time or motivation<br>
> to follow up on anything. Nevertheless, they do provide you<br>
> with a way to provide an optional email address.<br>
><br>
> Hence, I'll repeat the question. Why would anyone want to use<br>
> OpenID here? I seems to add nothing more than extra work.<br>
><br>
> Or let me put it this way. As of yesterday, there were close<br>
> to 3,000 comments on health care. How many of those do you<br>
> think used OpenID to leave their comment? I'll bet on close<br>
> to zero.<br>
><br>
>> If the founding openid culture doesn't fit with grassroots<br>
>> commenting,<br>
>> where does it fit!?<br>
><br>
> Where it adds value.<br>
><br>
> By the way Peter, it seem that your system is the one adding<br>
> "LIKELY SPAM" to subject lines.<br>
><br>
> Eric Norman<br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
Chris Messina<br>
Citizen-Participant &<br>
Open Technology Advocate-at-Large<br>
<a href="http://factoryjoe.com">factoryjoe.com</a> # <a
href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a
href="http://vidoop.com">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ]
private<o:p></o:p></p>
</div>
</div>
</body>
</html>