[Python-Dev] Offtopic: OpenID Providers
Donald Stufft donald at stufft.io
Fri Sep 6 21:40:33 CEST 2013
On Sep 6, 2013, at 3:34 PM, "R. David Murray" <rdmurray at bitdance.com> wrote:

> On Fri, 06 Sep 2013 15:17:12 -0400, Donald Stufft <donald at stufft.io> wrote:
>> On Sep 6, 2013, at 3:11 PM, "R. David Murray" <rdmurray at bitdance.com> wrote:
>>> IMO, single signon is overrated. Especially if one prefers not to make it easy for various accounts to be automatically associated with one another by various entities who shall remain nameless but have been in the news a lot lately :)
>>
>> If I recall Persona doesn't leak this data like OpenID does, but perhaps Dan can speak to that better than I can.
>
> Note that I said that single signon itself was overrated. If you use the same token to authenticate to multiple sites (and here the 'token' is the email address) then your identities on those sites are ipso facto associated with each other. If that email address is also never leaked (never displayed, even to other signed on users, all communication with the site encrypted), then you only have to worry if the sites exchange information about their accounts, or if the government comes knocking on their doors.... Yes, I'm paranoid. That doesn't mean they aren't listening. That said, sometimes you want identities to be associated, so I'm not saying Persona is a bad thing. Just that single signon is overrated.

Well that's fine to have that opinion but I think you're underestimating just how easy it is to link two disparate accounts, especially if you have the cooperation (willing or otherwise) of the site operators. I've personally seen Google do some particularly amazing connections between accounts that I don't believe using the same authentication token is going to make that any easier or harder for them.
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA