On Fri, 06 Sep 2013 15:17:12 -0400, Donald Stufft <don...@stufft.io> wrote: > On Sep 6, 2013, at 3:11 PM, "R. David Murray" <rdmur...@bitdance.com> wrote: > > > IMO, single signon is overrated. Especially if one prefers not to make > > it easy for various accounts to be automatically associated with one > > another by various entities who shall remain nameless but have been in > > the news a lot lately :) > > If I recall Persona doesn't leak this data like OpenID does, but > perhaps Dan can speak to that better than I can.
Note that I said that single signon *itself* was overrated. If you use the same token to authenticate to multiple sites (and here the 'token' is the email address) then your identities on those sites are ipso facto associated with each other. *If* that email address is also never leaked (never displayed, even to other signed on users, all communication with the site encrypted), then you only have to worry if the sites exchange information about their accounts, or if the government comes knocking on their doors.... Yes, I'm paranoid. That doesn't mean they aren't listening. That said, sometimes you *want* identities to be associated, so I'm not saying Persona is a bad thing. Just that single signon is overrated. --David _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
