[Python-Dev] Offtopic: OpenID Providers

R. David Murray rdmurray at bitdance.com
Fri Sep 6 21:34:30 CEST 2013

On Fri, 06 Sep 2013 15:17:12 -0400, Donald Stufft <donald at stufft.io> wrote:
> On Sep 6, 2013, at 3:11 PM, "R. David Murray" <rdmurray at bitdance.com> wrote:
> > IMO, single signon is overrated.  Especially if one prefers not to make
> > it easy for various accounts to be automatically associated with one
> > another by various entities who shall remain nameless but have been in
> > the news a lot lately :)
> If I recall Persona doesn't leak this data like OpenID does, but
> perhaps Dan can speak to that better than I can.

Note that I said that single signon *itself* was overrated.  If you use
the same token to authenticate to multiple sites (and here the 'token'
is the email address) then your identities on those sites are ipso facto
associated with each other.  *If* that email address is also never
leaked (never displayed, even to other signed on users, all communication
with the site encrypted), then you only have to worry if the
sites exchange information about their accounts, or if the government
comes knocking on their doors....

Yes, I'm paranoid.  That doesn't mean they aren't listening.

That said, sometimes you *want* identities to be associated, so I'm not
saying Persona is a bad thing.  Just that single signon is overrated.


More information about the Python-Dev mailing list