- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 30 May 2014 10:52:38 -0400
- To: public-webpayments@w3.org
On 05/30/2014 10:35 AM, Herbert Snorrason wrote: > OpenID is structured in a way which makes it possible for the > identity provider to monitor every instance in which the identity is > used towards a third party. That is a property not shared by > Persona. Persona does this by mediating things through the user > agent, rather than authorisation happening server-to-server. The > proposal in the Identity Credentials, if implemented as-is, has the > same deficiency as OpenID, though. This isn't clear from the spec at all, but we plan to implement the same sort of privacy-protecting login mechanism that Mozilla Persona has. That is, a design requirement for Identity Credentials is a login mixnet that hides the sites you're logging into/sending your credentials to from your identity provider. I don't mean to trivialize the difficulty of doing this right, but it is on the roadmap and we intend to address the pervasive monitoring problem (not ignore it). -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Friday, 30 May 2014 14:53:02 UTC