Re: Is OpenID User Centric?

As I was not able to login to comment on Johannes’s blog…

It is about this entry “Is OpenID User Centric?“.

Johannes’s comment that OpenID being “http://netmesh.info/jernst/digital_identity/is-openid-still-user-centric” is very apt. This is one use case that OpenID is supposed to serve.

The other use case that it is serving right now is the Web SSO.

As a “personal/business card”, you do not need privacy. You do not want privacy. You want to reveal that it was you, and you want to be tracked.

In Web SSO case, you might or might not want to be tracked.

For User Centric thing, I believe that the user should control one’s XRD. Then, I can use Yahoo! or Google as authentication service that provide PPID.

If I want to preserve anonymity, I would use OP identifier to Yahoo! or Google. Alternatively, I could provide an XRD address that service PPID, but that would be a tall order for most people.

If I want to leave my track, then I will provide my (signed) XRD address.

As to the email as attribute being sent…

I think we should define contact service just like XRI people do. It could be email, twitter, or authenticated something, etc. The service should be advertised in the XRD. Then we should not need to provide “physical” address like email to the RP.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.