[OpenID] What about spam?
Martin Atkins
mart at degeneration.co.uk
Sat May 5 14:38:53 UTC 2007
Patrick Aljord wrote:
> Hey all,
> On the openID FAQ here http://openid.net/about.bml
> it states:
> "Somebody could run their own identity server that says they're
> http://spammer.example.com/000001/ all the way to
> http://spammer.example.com/999999/ and that's not a goal of this
> system to prevent. It's another layer's job to say the identities with
> URL spammer.example.com/* is a spammer, or some ID server is a known
> spammer, or some particular identity is a known spammer.
>
> What this does prevent is anybody but that spammer from using that
> identity URL. "
>
The real sentiment of those paragraphs is that OpenID Authentication
can't prove that a particular identifier is your friend, or that a
particular identifier is a human, or a particular identifier is a
spammer. All it can prove is that the person who successfully
authenticated has permission to use the identifier in question.

However, what OpenID *does* give you is a verified handle on which to
base whitelists and blacklists. If you've whitelisted your friend
http://frank.example.com/ then you can be pretty confident that no-one
else but Frank is going to be able to authenticate with that identifier.
This is in contrast with email, where with a few exceptions anyone can
claim to be anybody.
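
An added example, not part of the original post or of any OpenID library: a sketch of the "other layer" described above, which applies a whitelist, a URL-prefix blacklist and a provider blacklist to an identifier. It assumes the relying party has already verified the OpenID assertion; `normalize`, `IdentifierPolicy`, `POLICY` and all URLs are hypothetical names and constructed sample values.

```python
from urllib.parse import urlsplit


def normalize(url):
    """Canonical form for comparing http(s) identifiers."""
    u = urlsplit(url.strip())
    scheme = u.scheme.lower()
    if scheme not in ("http", "https") or not u.hostname:
        raise ValueError(f"not an http(s) identifier: {url!r}")
    default_port = {"http": 80, "https": 443}[scheme]
    port = "" if u.port in (None, default_port) else f":{u.port}"
    query = f"?{u.query}" if u.query else ""
    # Keep the fragment: a different fragment is treated as a different identity.
    fragment = f"#{u.fragment}" if u.fragment else ""
    return f"{scheme}://{u.hostname}{port}{u.path or '/'}{query}{fragment}"


class IdentifierPolicy:
    """Reputation decisions keyed on identifiers that are ALREADY verified."""

    def __init__(self, allow=(), deny_prefixes=(), deny_providers=()):
        self.allow = {normalize(i) for i in allow}
        # normalize() leaves the host followed by "/" or ":port", so a prefix for
        # spammer.example.com cannot match spammer.example.com.other.example.
        self.deny_prefixes = tuple(normalize(p) for p in deny_prefixes)
        self.deny_providers = {normalize(p) for p in deny_providers}

    def decide(self, verified_identifier, provider_endpoint):
        ident = normalize(verified_identifier)
        if ident in self.allow:      # exact match on a known friend wins (assumption)
            return "allow"
        if normalize(provider_endpoint) in self.deny_providers:
            return "deny"            # "some ID server is a known spammer"
        if ident.startswith(self.deny_prefixes):
            return "deny"            # "spammer.example.com/*"
        return "unknown"             # verified, but no reputation either way


# Constructed sample policy; every URL here is illustrative.
POLICY = IdentifierPolicy(
    allow=["http://frank.example.com/"],
    deny_prefixes=["http://spammer.example.com/"],
    deny_providers=["http://ids.spammer.example.net/server"],
)
```

The "unknown" result is the case the FAQ leaves open: the identifier is verified, but nothing is known about who is behind it.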