On 16-Oct-06, at 12:24 PM, Martin Atkins wrote:

> Chris Drake wrote:
>> There seem to be a lot of people on this list who want to hate and
>> loathe the IdP, and grant all power to the RP.  I do not understand
>> this reasoning:  our users will select the IdP they trust and like,
>> then they will be using a multitude of possibly hostile RPs
>> thereafter: the reverse is simply not true.
> If I'm using one IdP to assert my primary public identity, they can
> hypothetically develop quite a profile about me. I probably don't mind
> too much in most cases, because I researched them and found that they
> are a good provider and won't sell my data out to the bad guys.
> However, there might be some things I want to do (for example, posting
> locally-prohibited speech on a public forum) that I don't want  
> attached
> in any way, shape or form to my public identity. The trust  
> relationship
> I have with that IdP probably isn't enough for this; if there is any
> record at all of any association between these two identities, as
> friendly as my IdP may be, there is a chance that it will be ceased by
> court order, or leaked by an insider, which might lead to me  
> getting in
> serious legal trouble.
> This is just one (perhaps extreme) example of why my trust in my  
> IdP is
> not universal and all-encompassing. Trust is not a boolean.

A possible solution is you can use a different IdP when you want to  
do this activity so there is no link to your primary IdP.

-- Dick
specs mailing list

Reply via email to