Trusted OpenID Servers?
Daniel E. Renfer
Duck at Kronkltd.net
Tue Aug 8 16:43:09 UTC 2006
Wouldn't it be possible to use pre-existing email blacklist servers? If a
domain has already been identified as giving out many email addresses to
spammers, then it's pretty safe to assume that they'd be as equally as shady
with their OpenID servers.
On 8/6/06, Recordon, David <drecordon at verisign.com> wrote:
>
> I'd also love to see a service pop up that you can query asking if the
> given IdP is "good". Obviously the reputation service would have to be able
> to prove their ranking if people were to rely on it. This is the sort of
> thing where I like how OpenID is designed, since multiple services doing the
> same thing can use the technical framework we're creating to provide
> valuable services to relying parties, end users, and identity providers.
> This create competition and thus accountability.
>
> --David
>
> ------------------------------
> *From:* yadis-bounces at lists.danga.com on behalf of Timothy Parez
> *Sent:* Sun 8/6/2006 4:02 AM
> *To:* 'Vladimir'; yadis at lists.danga.com
> *Subject:* RE: Trusted OpenID Servers?
>
> Hey,
>
> This has recently been discussed in "OpenID Trust Model" have a look
> through the archives.
> In any case, if phpBB wants to have OpenID support, they could implement a
> feature which
> allows the board admin, to allow/disallow certain OpenID servers.
>
> Given the spirit of OpenID, I believe this kind of protection should be
> handled by the consumer.
> Not by a centralized blacklist, or not by force anyway.
>
>
> Timothy.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20060808/5c1915fa/attachment.html
More information about the yadis
mailing list