> Which has more weight, some kid off the street or the University of Dundee?
Couldn't possibly say, Andy ;) but Google, Facebook and the rest seem to be
preparing to address this tendency for users to transmogrify into Bill
Gates. Their goal is more or less to become trusted OpenID providers,
which carry more weight than the kid off the street. However, what's more
telling is the lack of OpenID relying parties compared to providers.
Everyone wants to store your identity but no-one is that bothered about
getting it from somewhere else, i.e. federation isn't that big a deal to
the likes of Facebook, Google etc. There seems to be a rise in the number
of communities of applications as opposed to federations, i.e. sign up to
Google for an OpenID account and use it to access all your Google apps.
OpenID = SSO within Google - trust isn't an issue as they trust themselves
but due to the lack of relying parties, I'd guess no-one trusts anyone
other than themselves. It's the data that's of value. They all want it,
all of it, so they're prepared to get it by opening OpenID shop fronts and
enticing us in to view their wares.
SPs in the federation get round privacy issues by just asking for your
personal information once you're past Shibboleth authn/authz and then linking
it with your ePTID.
Alistair
--
mov eax,1
mov ebx,0
int 80h
>>>> On 10/12/2008 at 11:56, in message
> <[log in to unmask]>, Jon Warbrick
> <[log in to unmask]> wrote:
>> On Wed, 10 Dec 2008, Fiona Culloch wrote:
>>
>>> ...
>>> That means that with
>>> OpenID, if you want assurance about who your users are, you have to
>>> register them yourself individually, which is harder the more users
>>> you have.
>>
>> ... and you (as a service operator) have to decide if you are willing to
>> trust each user's chosen OpenID identity provider, something which in
>> general you are not in a position to do.
>>
>
> Which is the complete flaw of OpenID, the OpenID assertion is "I am who I
> am because _I_ say so" whereas in the Federation the Shibboleth assertion
> is "I am who I am because the _University of Dundee_ says so". Which
> has more weight, some kid off the street or the University of Dundee?
>
> I find the statement:
>
> "ii) The UK federation as currently deployed has a significant shortcoming
> which is the readiness of IdPs to disclose the real-world identity of
> users to SPs (as distinct from providing opaque persistent identifiers to
> support simple customisation). This is not a technical shortcoming but an
> operational one. Whilst it is relatively easy to solve, until it is, it
> limits the applicability of Shibboleth to personalised and other services
> which need to know who the users are. "
>
> rather strange. Should it not read "unreadiness"? and it isn't a
> shortcoming! The whole point is that we _don't_ expose real-world
> personal identity in breach of the data protection act but that we provide
> the mechanism for personalisation through the opaque identifier. Why
> would we want to fix that?
>
> Andy
>
>
> The University of Dundee is a registered Scottish charity, No: SC015096
>