Joining Ma.gnolia is easy: just sign in using an account you already have elsewhere on the web.
Every RP has the right to decide how to authenticate it's users. If Magnolia (I refuse to use the cute '.') feels it obtains higher assurance or better controls risk by fully relying on 3rd party identities, full power to it (and if they wanted to go further and implement a whitelist of OPs, that would be their call as well).
But, shouldn't we at least pause and ask how such a move fits with a philosophy of user-centric identity, the poster child of which is OpenID?
Put another way, if the fundamental tenets of user-centrism are users having choice & control over their identities, is Magnolia's move, in that it takes away some such choice from users, user-centric?
And if not, can we imagine some weird parallel Universe (clearly not in this one) in which OpenID can actually be deployed in a manner that is not 100% consistent with user choice?
It hurts my brain just trying to imagine what that would look like - quantum physics always freaks me out.
No comments:
Post a Comment