Will Norris tackles privacy using OpenID

Identity expert Will Norris has two new blogs about OpenID's potential use for privacy. As he points out, OpenID was meant to strengthen and share identity, not to protect privacy. But he draws some lessons from the classic Shibboleth project for delegated authentication in the blog Best Practices with Directed Identity, then puts forward a multi-tiered OpenID system for privacy in A New Kind of OpenID Proxy.

I'm flattered that Norris (who I've been communicating with over email) referred to my proposal, which simply tries to protect privacy by allowing a visitor to get an ID while storing nothing on the server (pros and cons in a follow-up blog).