[OpenID] Trust + Security @ OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sun Jul 8 21:15:30 UTC 2007
Hi Simon,
Simon Willison wrote:
>
> """
> What about spam?
>
> Again, this is not a trust system.
>
> Somebody could run their own identity server that says they're
> http://spammer.example.com/000001/ all the way to
> http://spammer.example.com/999999/ and that's not a goal of this
> system to prevent. It's another layer's job to say the identities with
> URL spammer.example.com/* is a spammer, or some ID server is a known
> spammer, or some particular identity is a known spammer.
> """
Right! It's that additional layer I'm talking about...
>
> OpenID was never intended to provide an assurance that an OpenID
> doesn't belong to a spammer. That's OK; neither are regular accounts
> created with a username and password. If you want to prevent automated
> spammers from signing in to your blog/forum using OpenID, you need to
> present a user with a CAPTCHA the first time they sign in with a
> specific OpenID.
So I don't need OpenID therefore, right? No benefit for me as site
operator and relying party...why bother...?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070709/26a17bc1/attachment-0002.htm>
More information about the general
mailing list