2 Jul 18:18
Re: [OpenID] OpenID and SSO
From: Dick Hardt <dick <at> sxip.com>
Subject: Re: [OpenID] OpenID and SSO
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-02 16:18:37 GMT

I'm unclear now on where this thread is going ... :)

fwiw: my point was that providing the user something to click rather than type is more desirable -- and propose that for OpenID, letting the user click something to login is a desirable end goal.

wrt. below, implicit in a "Click to proceed" is telling the site that you are a specific entity -- so you effectively have signed on.

-- Dick

On 2-Jul-08, at 12:58 AM, Leon Kuunders wrote:

> Think about IP addresses: are they personal information? If so, and
> following the train of thought mentioned by Dick, a user would not be
> able to choose to share information without sharing this information.
>
> So I guess this discussion comes down to the difference between logging
> in (offer credentials) and profiling (offer personal information).
> These two can, but do not have to be, the same: credentials are not
> necessarily personal information.
>
> "Click to proceed" would result in "profiling", not "authentication",
> so SSO can be invisible to the user.
>
> my 2$, --Leon.
>
> Dick Hardt wrote:
>
>> I think the contractual and privacy issues will require a click to
>> login. EU and Canadian privacy laws require the user to have consented
>> to acquiring personal information. Similar to the EULA licenses users
>> have to actively do something with.
>>
>> Since it is impossible to know how the user truly arrived at a page,
>> and users can arrive at a page without having actively chosen to, the
>> site needs the user to actively do something to acknowledge they want
>> to share information and not be pseudonymous.
>>
>> On 1-Jul-08, at 1:47 AM, SitG Admin wrote:
>>
>>>> Users do not want to login. Really, they don't.
>>>>
>>>> Therefore you can measure the success of SSO by counting the
>>>> disappearing login "buttons" or "links" on websites who do offer
>>>> user centric (profiling) services.
>>>
>>> A vital question here, then, is whether the user values privacy
>>> enough to forgo this level of convenience. Short of opting to
>>> automatically grant all RP requests (and never prompt user for
>>> re-authentication to the OP - it can still expire, just don't bother
>>> the *user* with renewing it), there is no way to "intelligently"
>>> practice selective login for the user.
>>>
>>>> "Click to proceed", yes,
>>>
>>> There shouldn't even be that, though. Just go to the site and see the
>>> page. No matter how much you abstract the process of authenticating,
>>> if they have to take steps to have the service recognize them then
>>> it's a login.
>>>
>>> -Shade
>>> _______________________________________________
>>> general mailing list
>>> general <at> openid.net
>>> http://openid.net/mailman/listinfo/general