[security] security
James A. Donald
jamesd at echeque.com
Sun Oct 29 05:35:39 UTC 2006
--
Dan Lyke wrote:
> Reputation systems merely require an identity which
> will be shared between systems. OpenID provides that.
>
> Reputation systems can be built on top of OpenID
> completely independently of OpenID.
Presumably we want to assign a reputation both on the
basis of the individual and of the identity provider, so
not "completely independent".
> If you want a centralized login system with some
> weight to the sign-in process, both Yahoo and Google
> will let you use their user base. It's not that hard
> to sign up for those systems. Those users have been
> through a CAPTCHA authentication. Yahoo and Google
> both have TOS agreements under which they terminate
> users.
"Open" should mean that multiple people can perform the
role that Google performs. At present, no one can
perform the role that Google performs. If the spammers
start using Openid on Tuesday, what do we do on
thursday?
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
8nueTAX/6VjtbBAvHLFNUQgEnWcrEj4ceppUMoW6
4wdaKVHPVJ+hGKBLLODwTrVHlEWbi1PqWJUsFkZOs
More information about the security
mailing list