On 16-Oct-06, at 12:24 PM, Martin Atkins wrote:

> Chris Drake wrote:
>>
>> There seem to be a lot of people on this list who want to hate and
>> loathe the IdP, and grant all power to the RP. I do not understand
>> this reasoning: our users will select the IdP they trust and like,
>> then they will be using a multitude of possibly hostile RPs
>> thereafter: the reverse is simply not true.
>>
>
> If I'm using one IdP to assert my primary public identity, they can
> hypothetically develop quite a profile about me. I probably don't mind
> too much in most cases, because I researched them and found that they
> are a good provider and won't sell my data out to the bad guys.
>
> However, there might be some things I want to do (for example, posting
> locally-prohibited speech on a public forum) that I don't want attached
> in any way, shape or form to my public identity. The trust relationship
> I have with that IdP probably isn't enough for this; if there is any
> record at all of any association between these two identities, as
> friendly as my IdP may be, there is a chance that it will be seized by
> court order, or leaked by an insider, which might lead to me getting in
> serious legal trouble.

In this case you are better off opening a separate account with this or some other IdP. The current delegation model will not protect you at all. The delegate tag is in a publicly accessible Yadis document.

I agree that anonymity is an important feature, but the current solution gives you only a false sense of security.

Marius
_______________________________________________
specs mailing list
firstname.lastname@example.org
http://openid.net/mailman/listinfo/specs
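
Added example, not part of the original thread: a self-audit that parses the Yadis (XRDS) document served at your own claimed identifier and lists every identity link it publishes through the OpenID 1.x delegate tag. The sample document, the hosts, the account name and the function name `exposed_delegations` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespaces used by Yadis/XRDS documents and the OpenID 1.x delegate tag.
NS = {
    "xrd": "xri://$xrd*($v*2.0)",
    "openid": "http://openid.net/xmlns/1.0",
}

# Constructed sample: the kind of Yadis document served at a claimed identifier.
# All hosts and account names are placeholders.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
           xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service priority="10">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://idp.example/server</URI>
      <openid:Delegate>https://idp.example/users/alice</openid:Delegate>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://other-idp.example/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def exposed_delegations(claimed_id, xrds_text):
    """List every (claimed_id, idp_endpoint, delegate) link the document publishes."""
    root = ET.fromstring(xrds_text.encode("utf-8"))
    links = []
    for service in root.findall("xrd:XRD/xrd:Service", NS):
        types = [t.text.strip() for t in service.findall("xrd:Type", NS) if t.text]
        if not any(t.startswith("http://openid.net/signon/") for t in types):
            continue  # not an OpenID sign-on service
        delegate = service.findtext("openid:Delegate", default="", namespaces=NS).strip()
        if delegate:
            endpoint = service.findtext("xrd:URI", default="", namespaces=NS).strip()
            links.append((claimed_id, endpoint, delegate))
    return links


if __name__ == "__main__":
    for claimed, endpoint, delegate in exposed_delegations("https://alice.example/", SAMPLE_XRDS):
        print(f"{claimed} is publicly linked to {delegate} at {endpoint}")
```

Any non-empty result is an association between two identifiers that anyone who can fetch the document can read, with no cooperation from the IdP.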