[Marketing] I object to OpenID whitelists
Mark Atwood
me at mark.atwood.name
Tue Jul 3 18:37:41 UTC 2007
Meng Weng Wong <mengwong at pobox.com> writes:
> >
> Hey everyone, I just subscribed to all the mailing lists. I have
> some cycles free to contribute to the community now and I want to
> start with whitelists.
I dislike whitelists for OpenID.

Because I run my own OpenID server just for myself, as I suspect many
of the more sophisticated OpenID users will. And the spread of
whitelists will make doing that impossible.

If someone is truly worried about their OpenID provider turning evil,
running one's own is an option, and presently is an easy option.

If I have to worry about me stealing my own online identity,
and then me going around pretending to be me,
I have much bigger problems than just data security protocols...

I can see a use for whitelists for a few cases, such as a whitelist
of OpenID providers that can make legally valid statements about
the legal name and age of the person, for sites that want age verification.
Or a whitelist of OpenID providers who provide true two-factor
hardware auth, such that can be trusted by a bank.

(Right now, the first whitelist has only one member, and the second one
is empty.)

But a whitelist of "well known OpenID providers" brings nothing of
value to OpenID, and in fact, *removes* value from the system.
--
Mark Atwood
me at mark.atwood.name
When you do things right, people won't be sure you've done anything at all.
http://mark.atwood.name/ http://fallenpegasus.livejournal.com/