I'm biased here, but I think the combination of OP MultiAuth[1] and OP Delegation[2] could mitigate some of the risks inherent with this idea. <br><br>First, a user could use OP Delegation to require MulitAuth for his/her Bank RP, but not for his/her Facebook activity stream (because the user wants a single OP to grab his facebook data and display it using the OP's skin). Any other RP's (like the Bank RP) would require MultiAuth, preventing the OP from getting bank info without the user's consent.<br>
<br>Another thought here is how OAuth could be used to accomplish what you're thinking.....<br><br>david<br><br>[1] <a href="http://wiki.openid.net/f/openid-provider-multiauth-extension-1_0-2.html">http://wiki.openid.net/f/openid-provider-multiauth-extension-1_0-2.html</a><br>
[2] <a href="http://wiki.openid.net/f/openid-provider-delegation-extension-1_0-1.html">http://wiki.openid.net/f/openid-provider-delegation-extension-1_0-1.html</a><br><br><div class="gmail_quote">On Tue, Jan 27, 2009 at 1:51 AM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I've been thinking about the ability of OP's to log in as any user they (have the power to) represent, whether acting on behalf of that user or not. Some (especially where the OP is already a walled garden, and wants to keep the user's UX consistent with their own skin) will want to act like an RSS client and check in with RP's, repackage the information, then present it to the user in the desired format. It would be like a widget, presenting cherry-picked information combined from all your favorite OpenID-enabled sites.<br>
<br>
This is even conceivably desirable as a privacy benefit, since other RP aren't authorized to know what skins the user prefers at their OP (and secondarily it then becomes a *security* benefit, inasmuch as the use of any *other* skins would break UX consistency and alert the user to an attacker's attempt to spoof the OP).<br>
<br>
But this complicates accountability; suddenly, without the user's knowledge or consent, a "feature" at their OP is providing potentially confidential data to a site (their OP) that has not signed any legally binding contracts with the user *or* the RP; a site with unknown security standards, that may be trivially hacked into; a site with unknown privacy policies, that may share with undisclosed 3rd parties the data it accesses; a site with unknown data retention policies, but even if it promises to keep the data "just long enough to display for the user" I (for one) would STILL have objections, mostly for the other reasons stated).<br>
<br>
-Shade<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</blockquote></div><br>