[security] Who bears the risk..
Dan Lyke
danlyke at flutterby.com
Fri Oct 27 02:16:58 UTC 2006
On Thu, 26 Oct 2006 18:45:07 -0700, Alaric Dailey wrote:
> Did I miss something? Is there a way to LIMIT the IdP's you trust?
As a Relying Party you can do anything you want.
For instance, I may present random OpenID users with a CAPTCHA type
puzzle the first time they log in, but I could skip that step if their
Identity Provider appears to be someone whom I believe has already
adequately verified that they're a human being.
OpenID is about logins, not reputation. Means for reputation can be
built around it, but in my mind it's just about providing a repeatable
identifier and not making them reveal authorization information to a
gazillion different sites.
Dan
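
The relying-party policy described in the message above, sketched as an added example that is not part of the original post. The allowlist hosts, function names and step labels are hypothetical, and `op_endpoint` is assumed to be the provider endpoint the relying party itself discovered and verified the assertion against, never a value supplied by the user.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: provider hosts this relying party believes already
# verify that their users are human. Constructed names, not real providers.
HUMAN_VERIFYING_IDPS = {"openid.example.org", "id.example.net"}


def idp_host(op_endpoint):
    """Return the normalized host of a provider endpoint, or None if unusable."""
    try:
        parts = urlsplit(op_endpoint.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None  # only trust endpoints reached over TLS
    if parts.username is not None or port not in (None, 443):
        return None  # reject userinfo tricks and unexpected ports
    return parts.hostname.rstrip(".").lower()


def login_steps(op_endpoint, first_login):
    """Decide which extra steps an already verified OpenID login must pass."""
    steps = []
    host = idp_host(op_endpoint)
    # Exact host match only: suffix or substring tests would accept
    # lookalikes such as openid.example.org.lookalike.test.
    trusted = host in HUMAN_VERIFYING_IDPS
    if first_login and not trusted:
        steps.append("captcha")
    return steps
```

An endpoint that cannot be parsed or normalized is treated as untrusted, so the CAPTCHA is skipped only on an exact allowlist match.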