+1. "Trust is not a boolean." Martin, that's very quotable. Can I attribute
it to you?


-----Original Message-----
Of Martin Atkins
Sent: Monday, October 16, 2006 12:25 PM
To: specs@openid.net
Subject: Re: Identifier portability: the fundamental issue

Chris Drake wrote:
> There seem to be a lot of people on this list who want to hate and
> loathe the IdP, and grant all power to the RP.  I do not understand
> this reasoning:  our users will select the IdP they trust and like,
> then they will be using a multitude of possibly hostile RPs
> thereafter: the reverse is simply not true.

If I'm using one IdP to assert my primary public identity, they can 
hypothetically develop quite a profile about me. I probably don't mind 
too much in most cases, because I researched them and found that they 
are a good provider and won't sell my data out to the bad guys.

However, there might be some things I want to do (for example, posting 
locally-prohibited speech on a public forum) that I don't want attached 
in any way, shape or form to my public identity. The trust relationship 
I have with that IdP probably isn't enough for this; if there is any 
record at all of any association between these two identities, as 
friendly as my IdP may be, there is a chance that it will be ceased by 
court order, or leaked by an insider, which might lead to me getting in 
serious legal trouble.

This is just one (perhaps extreme) example of why my trust in my IdP is 
not universal and all-encompassing. Trust is not a boolean.

specs mailing list

Reply via email to