On 10/14/06, Chris Drake <[EMAIL PROTECTED]> wrote:
> JH> Where is power being granted to the RP? It has pretty much none.
> JH> It *does* have responsibility, but only as much as is necessary to
> JH> make the protocol work.
> If RPs are allowed to build up linked portfolios of everyone's
> identifiers, they can get together with other RPs (or sniff IDs in
> google) to snoop on and conspire against our users behind their backs.
> If the true spirit of OpenID is to empower users, it's seriously
> neglectful to block users from protecting their own privacy.

Relying parties only get to see identifiers that users choose to give
them. I don't see how this is a breach of privacy.

> JH> Huh? How is IdP-initiated login related to privacy or portability?
> It is ** NONE OF THE RP's BUSINESS ** how the OpenID that got presented
> to it was originally selected by, or resolved for, our Users.  Letting
> the IdP initiate a login allows the IdP to PRIVATELY negotiate with
> the user over which identity to present (which for anyone who cares
> about privacy, will usually be a per-site identity not linked to their
> main OpenID or vanity domain or whathaveyou).

I think I am finally starting to see the position from which you're
arguing, and I think you're making much ado about nothing.

IdP-driven identifier selection is part of OpenID 2.0, which lets
users enter just their IdP instead of a personal identifier.
Site-specific identifiers will most likely be issued by the IdP, so
they'll be IdP-specific, which means that the portable identifier
discussion is irrelevant, since that feature is not invoked for
IdP-specific identifiers.

Users are not forced to disclose an identifier that can be correlated.
Given *the current draft of OpenID with no modifications,* the only
thing that the relying party has to know that can be used to correlate
users is what IdP is making the assertion.
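
The correlation argument in this message, as an added example that is not part of the original post or of the OpenID specification: an IdP issues site-specific identifiers and two relying parties compare their identifier portfolios. The HMAC derivation, the IdP URL, the secret, the users and the realms are all constructed assumptions; the draft does not say how an IdP generates such identifiers.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values (assumptions for this example, not from the thread).
IDP_BASE = "https://idp.example/id/"
IDP_SECRET = b"constructed-demo-secret"
USERS = ["alice", "bob", "carol"]
RP_A = "https://shop.example/login"
RP_B = "https://forum.example/"


def pairwise_identifier(local_user: str, rp_realm: str) -> str:
    """Derive a stable identifier unique to one (user, relying party) pair."""
    # Reduce the realm to scheme://host so every page of a site maps to
    # the same identifier and the user keeps one account per site.
    parts = urlsplit(rp_realm)
    realm = f"{parts.scheme}://{parts.netloc}".lower()
    msg = local_user.encode() + b"\x00" + realm.encode()
    tag = hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()[:32]
    return IDP_BASE + tag


def portfolios(per_site: bool):
    """Identifiers each RP collects when all users log in to both sites."""
    if per_site:
        a = {pairwise_identifier(u, RP_A) for u in USERS}
        b = {pairwise_identifier(u, RP_B) for u in USERS}
    else:
        # One global identifier per user, presented unchanged to every RP.
        a = {IDP_BASE + u for u in USERS}
        b = set(a)
    return a, b


def linkable(a: set, b: set) -> set:
    """Identifiers two colluding RPs can match by comparing portfolios."""
    return a & b


def shared_idps(a: set, b: set) -> set:
    """What remains comparable: the host of the asserting IdP."""
    return {urlsplit(i).netloc for i in a} & {urlsplit(i).netloc for i in b}


if __name__ == "__main__":
    for mode in (False, True):
        a, b = portfolios(per_site=mode)
        print("per-site" if mode else "global", len(linkable(a, b)), shared_idps(a, b))
```
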
