Identifier portability: the fundamental issue
Martin Atkins
mart at degeneration.co.uk
Mon Oct 16 19:24:45 UTC 2006
Chris Drake wrote:
>
> There seem to be a lot of people on this list who want to hate and
> loathe the IdP, and grant all power to the RP. I do not understand
> this reasoning: our users will select the IdP they trust and like,
> then they will be using a multitude of possibly hostile RPs
> thereafter: the reverse is simply not true.
>
If I'm using one IdP to assert my primary public identity, they can
hypothetically develop quite a profile about me. I probably don't mind
too much in most cases, because I researched them and found that they
are a good provider and won't sell my data out to the bad guys.
However, there might be some things I want to do (for example, posting
locally-prohibited speech on a public forum) that I don't want attached
in any way, shape or form to my public identity. The trust relationship
I have with that IdP probably isn't enough for this; if there is any
record at all of any association between these two identities, as
friendly as my IdP may be, there is a chance that it will be ceased by
court order, or leaked by an insider, which might lead to me getting in
serious legal trouble.
This is just one (perhaps extreme) example of why my trust in my IdP is
not universal and all-encompassing. Trust is not a boolean.
More information about the specs
mailing list