[OpenID] Trust + Security @ OpenID

Dmitry Shechtman damnian at gmail.com
Mon Jul 16 08:30:12 UTC 2007


Errr...isn't this supposed to be a "white list server"? I mean, are you
having a black list of "bad" IDPs or are you registering "good" IDPs in this
list? 

 

Although the term isn't really important, I believe this should be a black
list (i.e. all are "good" by default) of identifiers (i.e. "good" OPs may
have issued "bad" identifiers, see the getopenid.com case).

 

Whatever the choice, under which criteria are you listing either one on your
list?



Various heuristics will be used for blacklisting. Identifiers issued by
http://www.jkg.in/openid/ will definitely be there...

 

 

Regards,

Dmitry

=damnian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070716/58f97784/attachment-0002.htm>


More information about the general mailing list