I would not need to trust Google, per se. If I'm trying to log into Slashdot, for example, and provide my gmail address and I do not get directed to my Yahoo login page, then I know something is wrong. Google would not be acting as a security proxy of any sort. They would merely tell Slashdot where my OP login page is.
What you would be trusting Google for is not letting anyone else (say, Google) pose as you. That's *their* end of the authentication stick; since they are the party being delegated from as well, you also trust them to be up (available to RP's) when you want to login somewhere.
I'm still confused. The blog or this joint venture site could accept any OpenID identifier and would accept logins for the user associated with that identifier. The user could provide an ID that is in the Yahoo domain, the Google domain, or even his own domain.
It's the OpenID identifier this site would *provide* that I'm thinking about, though I'm still not seeing how it would provide any improvement in uptime (nor, without MultiAuth, security), apart from alternating between (cosigned?) XRD's pointing to each OP in turn; that's more of a political balancing act, and not very effective, either, from what I can see of it so far. Then, it's not as if I've had the time to really look at it, yet; I can't be certain it's useless or (if not) *how* it's useful, until I can thoroughly analyze it.
Right now, it's just something that *seems* as if it might have potential, so I'm inquiring about it. Casually, briefly, and rather less than briefly to respond with what little details I have at this stage.
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
