Trusted OpenID Servers?

Timothy Parez timothyparez at linux.be
Sun Aug 6 11:02:09 UTC 2006 

Hey,

This has recently been discussed in "OpenID Trust Model" have a look through the archives.
In any case, if phpBB wants to have OpenID support, they could implement a feature which
allows the board admin, to allow/disallow certain OpenID servers.

Given the spirit of OpenID, I believe this kind of protection should be handled by the consumer.
Not by a centralized blacklist, or not by force anyway.


Timothy.

-----Original Message-----
From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com] On Behalf Of Vladimir
Sent: zondag 6 augustus 2006 11:51
To: yadis at lists.danga.com
Subject: Trusted OpenID Servers?

Hello,

I am new to the OpenID and I like the idea, but my concern is Spam - yet again.

Basically for me, as a webmaster, users authenticated via OpenID are same as users authenticated via email. But for phpBB and other forum solutions, which everyone would love to see, their concern is SPAM as well.

If I create my own OpenID server, I can flood their phpBB system with as many domain names (including subdomains I have).

Wouldn't be a good idea to have central (distributed) blacklist of OpenID servers which are known for SPAM? This is same approach like with email, which actually never worked, but helped a little.

I think if OpenID would provide some kind of SPAM protection (blacklist, email authorization, catcha) then for me as a webmaster it would be a huge step forward and I would be really motivated to implement OpenID.

I think as long OpenID will not offer some kind of huge advantage (besides Single Sign-On) then there will not be too many webmasters implementing this and most likely Live ID or Google's auth will take majority.

When I speak with some other programmers, they think about OpenID as a system for Blogs, they don't think it could go anywhere further.

I think it's important to make additional steps to bring it to the next level and offer something, they would love. And the feature could be Spam protection they can trust.

BTW: We are working on implementing OpenID on our new website http://www.fivestores.com where customers and merchants instead of entering username/password can enter OpenID as well. But to be fair, I must say, that we will implement Google & Live ID once available.

Have a good day,
Vlad

More information about the yadis mailing list