On 10/14/06, Chris Drake <[EMAIL PROTECTED]> wrote:
> JH> Where is power being granted to the RP? It has pretty much none.
> JH> It *does* have responsibility, but only as much as is necessary to
> JH> make the protocol work.
>
> If RPs are allowed to build up linked portfolios of everyone's
> identifiers, they can get together with other RPs (or sniff IDs in
> google) to snoop on and conspire against our users behind their backs.
> If the true spirit of OpenID is to empower users, it's seriously
> neglectful to block users from protecting their own privacy.

Relying parties only get to see identifiers that users choose to give
them. I don't see how this is a breach of privacy.

> JH> Huh? How is IdP-initiated login related to privacy or portability?
>
> It is ** NONE OF THE RPs BUSINESS ** how the OpenID that got presented
> to it was originally selected by, or resolved for, our Users. Letting
> the IdP initiate a login allows the IdP to PRIVATELY negotiate with
> the user over which identity to present (which for anyone who cares
> about privacy, will usually be a per-site identity not linked to their
> main OpenID or vanity domain or whathaveyou.).

I think I am finally starting to see the position from which you're
arguing, and I think you're making much ado about nothing.

IdP-driven identifier selection is part of OpenID 2.0, which lets
users enter just their IdP instead of a personal identifier.
Site-specific identifiers will most likely be issued by the IdP, so
they'll be IdP-specific, which means that the portable identifier
discussion is irrelevant, since that feature is not invoked for
IdP-specific identifiers.

Users are not forced to disclose an identifier that can be correlated.
Given *the current draft of OpenID with no modifications,* the only
thing that the relying party has to know that can be used to correlate
users is what IdP is making the assertion.

Josh
_______________________________________________
specs mailing list
email@example.com
http://openid.net/mailman/listinfo/specs
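
Added example, not part of the original message or of the OpenID drafts: one way an IdP could issue the site-specific identifiers discussed above, and what two relying parties can and cannot correlate from them. The HMAC derivation, the `idp.example` host, the secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for illustration: hypothetical IdP host and a constructed secret.
IDP_BASE = "https://idp.example/id/"
IDP_SECRET = b"constructed-demo-secret-not-for-production"


def site_key(rp_url):
    """Reduce an RP URL to scheme://host[:port] so one site always maps to one key."""
    parts = urlsplit(rp_url)
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme.lower()}://{parts.hostname}{port}"


def site_specific_identifier(local_user, rp_url):
    """Derive a stable, per-site identifier that only the IdP can link to the user."""
    msg = f"{site_key(rp_url)}\x00{local_user}".encode()
    tag = hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()[:32]
    return IDP_BASE + tag


def shared_identifiers(portfolio_a, portfolio_b):
    """What two RPs learn by joining the identifier lists they each collected."""
    return set(portfolio_a) & set(portfolio_b)


def asserting_idps(portfolio):
    """The one thing still visible to every RP: which IdP made the assertion."""
    return {urlsplit(identifier).hostname for identifier in portfolio}


USERS = ["alice", "bob"]  # constructed sample accounts
SHOP, FORUM = "https://shop.example/login", "https://forum.example/"

if __name__ == "__main__":
    shop = [site_specific_identifier(u, SHOP) for u in USERS]
    forum = [site_specific_identifier(u, FORUM) for u in USERS]
    print("shop sees: ", shop)
    print("forum sees:", forum)
    print("identifiers in common:", shared_identifiers(shop, forum))
    print("IdPs visible to both: ", asserting_idps(shop) & asserting_idps(forum))
```

Joining the two portfolios yields no common identifier, while the IdP host remains visible to both sites.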