James,
NO! Restricting users to only "some trusted OPs" absolutely breaks the core user-centric identity concept on which OpenID is built.
Please re-read Balasubramanian's comments. My response was, "yes, it does break one of the rules of thumb," with the addition that many other things are threatening those concepts today as well.
That must not be done lightly. It should not be the first suggestion (particularly from an OpenID board member) without knowing the specifics of a particular web site and its users. Such restrictions might be appropriate for some specialist Relying Parties, but they should be the exceptions, not the norm.
I'm certainly not a board member, was not nominated, would be flattered but refuse to serve if nominated, and wonder whether you meant someone else.
Take care, Nate.
