[OpenID] OpenID's effect on CAPTCHA
Rabbit
rabbit at cyberpunkrock.com
Thu Mar 26 08:46:15 UTC 2009
I was entertaining the idea of dynamic behavior based on trust or some
model for reputation rather than outright limiting. For example, and
RP could choose to require a Captcha for any OP other than a small set
of providers the RP believes has done an adequate job at eliminating
bots.
=Rabbit
On Mar 26, 2009, at 3:19 AM, Nate Klingenstein wrote:
> Rabbit,
>
> Unless you're limiting the set of OP's you're willing to work
> with(quite likely in the future, in my view, but that's not
> universally shared), I think it will prove necessary to retain the
> CAPTCHA. It's trivial to generate arbitrary OpenID's for robots,
> and would certainly happen rapidly if there were more exposed RP's
> in the world.
>
> Take care,
> Nate.
>
> On 26 Mar 2009, at 06:55, Rabbit wrote:
>
>> Services rely on OpenID to prove a user is *who* they claim to be.
>> Should services also rely on OpenID to prove a user is *what* they
>> claim to be? The cautious would say no but I thought the question
>> was interesting. Should proving to Google that I am a human be good
>> enough for an RP to believe it too? Is there an implied transitive
>> property of trust that comes along with using some services as
>> opposed to others?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090326/ee05cda1/attachment-0002.htm>
More information about the general
mailing list