[security] security

[Recordon, David]

+1 to all of this, but especially:

> I want to use OpenID precisely because it *isn't* controlled
> by some centralized authority, and because we can use it to
> build distributed reputation systems.

--David

-----Original Message-----
From: security-bounces at openid.net [mailto:security-bounces at openid.net]
On Behalf Of Dan Lyke
Sent: Saturday, October 28, 2006 5:44 PM
To: security at openid.net
Subject: Re: [security] security

On Sat, 28 Oct 2006 15:33:10 -0700, James A. Donald wrote:
> without machinery in the protocol and libraries for whitelisting, 
> greylisting, and blacklisting, the widespread adoption of openid will 
> eventually lead to spammer attack.

As someone who's run a weblog since early 1998, with easy comments since
some time in 2000, I disagree.

Reputation systems merely require an identity which will be shared
between systems. OpenID provides that.

Reputation systems can be built on top of OpenID completely
independently of OpenID. Indeed, they should, as the sorts of users who
I want to provide priority in my community are very different from the
ones that other people want to promote in theirs.

If you want a centralized login system with some weight to the sign-in
process, both Yahoo and Google will let you use their user base. It's
not that hard to sign up for those systems. Those users have been
through a CAPTCHA authentication. Yahoo and Google both have TOS
agreements under which they terminate users.

I want to use OpenID precisely because it *isn't* controlled by some
centralized authority, and because we can use it to build distributed
reputation systems.

Dan
_______________________________________________
security mailing list
security at openid.net
http://openid.net/mailman/listinfo/security