[OpenID] OpenID's effect on CAPTCHA
Nate Klingenstein
ndk at internet2.edu
Thu Mar 26 07:19:05 UTC 2009
Rabbit,
Unless you're limiting the set of OP's you're willing to work with
(quite likely in the future, in my view, but that's not universally
shared), I think it will prove necessary to retain the CAPTCHA. It's
trivial to generate arbitrary OpenID's for robots, and would
certainly happen rapidly if there were more exposed RP's in the world.
Take care,
Nate.
On 26 Mar 2009, at 06:55, Rabbit wrote:
> Services rely on OpenID to prove a user is *who* they claim to be.
> Should services also rely on OpenID to prove a user is *what* they
> claim to be? The cautious would say no but I thought the question
> was interesting. Should proving to Google that I am a human be good
> enough for an RP to believe it too? Is there an implied transitive
> property of trust that comes along with using some services as
> opposed to others?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090326/006e12da/attachment-0001.htm>
More information about the general
mailing list