On 16-Oct-06, at 12:24 PM, Martin Atkins wrote:
> Chris Drake wrote:
>>
>> There seem to be a lot of people on this list who want to hate and
>> loathe the IdP, and grant all power to the RP. I do not understand
>> this reasoning: our users will select the IdP they trust and like,
>> then they will be using a multitude of possibly hostile RPs
>> thereafter: the reverse is simply not true.
>>
>
> If I'm using one IdP to assert my primary public identity, they can
> hypothetically develop quite a profile about me. I probably don't mind
> too much in most cases, because I researched them and found that they
> are a good provider and won't sell my data out to the bad guys.
>
> However, there might be some things I want to do (for example, posting
> locally-prohibited speech on a public forum) that I don't want attached
> in any way, shape or form to my public identity. The trust relationship
> I have with that IdP probably isn't enough for this; if there is any
> record at all of any association between these two identities, as
> friendly as my IdP may be, there is a chance that it will be seized by
> court order, or leaked by an insider, which might lead to me getting in
> serious legal trouble.
>
> This is just one (perhaps extreme) example of why my trust in my IdP is
> not universal and all-encompassing. Trust is not a boolean.

A possible solution is you can use a different IdP when you want to do
this activity so there is no link to your primary IdP.

-- Dick
_______________________________________________
specs mailing list
[email protected]
http://openid.net/mailman/listinfo/specs
