[OpenID] OpenID's effect on CAPTCHA

Chris Messina chris.messina at gmail.com
Fri Mar 27 20:25:15 UTC 2009 

I believe that this is also where PAPE comes in to some degree. It all comes
down to whether what the OpenID provider says is good enough for the RP
though — just because you can technically facilitate relationships, it's
doesn't mean that you actually have one. That's where technology meats
policy and law, and things inevitably gets grayer, slower and more riddled
with "social bugs".
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-07.html

Chris

On Thu, Mar 26, 2009 at 4:46 AM, Rabbit <rabbit at cyberpunkrock.com> wrote:

> I was entertaining the idea of dynamic behavior based on trust or some
> model for reputation rather than outright limiting. For example, and RP
> could choose to require a Captcha for any OP other than a small set of
> providers the RP believes has done an adequate job at eliminating bots.
>
> =Rabbit
>
> On Mar 26, 2009, at 3:19 AM, Nate Klingenstein wrote:
>
> Rabbit,
> Unless you're limiting the set of OP's you're willing to work with(quite
> likely in the future, in my view, but that's not universally shared), I
> think it will prove necessary to retain the CAPTCHA.  It's trivial to
> generate arbitrary OpenID's for robots, and would certainly happen rapidly
> if there were more exposed RP's in the world.
>
> Take care,
> Nate.
>
> On 26 Mar 2009, at 06:55, Rabbit wrote:
>
> Services rely on OpenID to prove a user is *who* they claim to be. Should
> services also rely on OpenID to prove a user is *what* they claim to be?  The
> cautious would say no but I thought the question was interesting. Should
> proving to Google that I am a human be good enough for an RP to believe it
> too? Is there an implied transitive property of trust that comes along with
> using some services as opposed to others?
>
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate

factoryjoe.com // diso-project.org // vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090327/3ecf6067/attachment-0001.htm>

More information about the general mailing list