[OpenID] A selector for OpenID

Peter Watkins peterw at tux.org
Sun Apr 20 07:49:39 PDT 2008


On Sun, Apr 20, 2008 at 06:32:43AM -0700, larry drebes wrote:
> Max,
> The primary goal is to improve the end-user experience for
> OpenID.  There is a large user education problem that is throttling OpenID
> growth.  We were also trying to make it simple for the RP, and neutral for
> the OPs.
> 
> The javascript attaches to an existing OpenID login form.  In the (rare)
> case the javascript could not load from the (highly available) idselector
> server, the form will continue to work, just without a default value.
> 
> larry-

So that's "no" to making the code available for "local" OP installs? 

As a site admin & developer, that's disappointing. Not terrible -- we
can always roll our own as I'd imagined anyway (which would also allow
us complete control over what OPs to list/suggest).

As a user, I think there's a privacy danger inherent in your current model
that folks should think about. The 3rd-party widget approach means that
idselector could amass information about where & when individual users hit
OpenID login pages. And it means idselector can learn what identities
individual users attempt to claim. It's not just a single point of failure,
it's a single point of data funnelling. If many RPs chose to use something
like this, it could undermine the privacy benefits of the otherwise very
decentralized/federated OP/RP model -- think doubleclick for OpenID.

-Peter


