To clarify what I wrote before: >User: "I want to be known anonymously." >RP: "I don't like that, use a real URI." >User: "I don't have to." >RP: "You don't have to use my site either." > >I only see a problem with it if the user thinks they ought to be >entitled to use whatever services they please while remaining >anonymous.
There's nothing wrong with remaining anonymous - it's the general idea of a user's right to use a service under whatever conditions they care to dictate, overriding the service *provider's* right to refuse service if they don't find those conditions acceptable. If we, as users or fellow service providers, think a RP's case for treating anonymous logins in certain ways that differ from other logins, isn't acceptable, we can boycott that RP and engage in other "free market" activities (such as starting up a competing site that provides the same services but with less discrimination). It's also possible to avoid putting anything in the specs that could make such things easier, but if we follow that route, we'd be trying to engineer human values instead of address them as people always have. Looking at what's already possible (allied companies whitelisting one another's OP's, etcetera), it's plain to me that the specs were written to create useful functionality instead of engineer discrimination out of the equation. I presume we still have ways to address discrimination without making it impossible in the code? -Shade _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs