[governance] Re: Identity systems and privacy (was Re: New IGF community site)
Stephane Bortzmeyer
bortzmeyer at internatif.org
Mon Oct 22 18:52:11 EDT 2007
On Mon, Oct 22, 2007 at 09:13:28AM +0200,
Norbert Bollow <nb at bollow.ch> wrote
a message of 61 lines which said:
> Given that the igf-online.net site prominently promotes OpenID, I
> think it is quite appropriate to discuss whether OpenID (in its most
> straightforward usage mode) violates the fundamental civil society
> position that no outside third party should be easily able to track
> a person's significant online activities.
An OpenID provider is not an *outside* third party since you choose
it. Like an Internet access provider, it is a party you have to trust,
at least partially.
> "Being your own OpenID provider" is AFAIK not possible behind NAT.
Well, anyway, it is not realistic for most users, even with a public
IP address. My point was not that Joe Average should become his own
identity provider, but that many people can do it, so Joe Average will
have a large choice of providers, probably with at least one with a
privacy practice he likes.
That's quite different from the X509 / SSL landscape, where the
providers are only a few (anyone can be a provider but, if your
certificate is not in MSIE, you do not really count).
> I would suggest that this Caucus should adop the position that
> only this kind of approach to automated or semi-automated
> identity management is acceptable.
It seems much too premature, since I do not think that many people
here worked on the identity problem yet.
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.cpsr.org
To be removed from the list, send any message to:
governance-unsubscribe at lists.cpsr.org
For all list information and functions, see:
http://lists.cpsr.org/lists/info/governance
More information about the Governance
mailing list