Global User ID
Is anyone concerned about how much easier a GUID environment makes it for value to be created by aggregating data about you individually from the multiple sites you visit? Do you want your insurance broker site to be able to find out that you've been reading a lot of articles about AIDS?
I realize (a) that to some extent this is already possible, and (b) it seem like more of a legal issue than a technical issue.
But (a) it makes things a lot easier/reliable for aggregators, and (b) do you want to trust the legal system?
Any membership-reference-server is of course a weak link (because the various registration requests go to there), but that's a single relationship that the user might invest greater trust into. But when there's GUID added as a feature, then any 2 sites can sell their detailed behavior data to 3rd parties.
Note sure what the answer is here, not even sure how big the problem is, but it's worth thought.
One solution to this would be to (a) have varying ids/pws at the member sites, (b) have all that data centralized at the user's reference server, and use that server to sign into individual member sites (e.g. the reference server generates a form which the user clicks on to do a post to a member-site sign-in function).
But that's rather clunky (given that you might be following a link into a particular member site where you're already a member, you don't want to have to back out to your reference site, sign into the member site, then find that URL you really wanted). Though, on the other hand, you could simplify that process a bit, where
user trips sign-in requirement at member site, gets sign-in form
reference server looks up site, gets user's member-site id/pw; returns another form to the user with just a single button on it
user hits button, which does POST back to member site, passing his id/pw, plus the destination URI
member site logs him in and redirects to destination URI
Edited: | Tweet this!