<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>RE: Trusted OpenID Servers?</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText94127 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>I'd also love to see a
service pop up that you can query asking if the given IdP is "good".
Obviously the reputation service would have to be able to prove their ranking if
people were to rely on it. This is the sort of thing where I like how
OpenID is designed, since multiple services doing the same thing can use the
technical framework we're creating to provide valuable services to relying
parties, end users, and identity providers. This create competition and
thus accountability.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>--David</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> yadis-bounces@lists.danga.com on behalf of
Timothy Parez<BR><B>Sent:</B> Sun 8/6/2006 4:02 AM<BR><B>To:</B> 'Vladimir';
yadis@lists.danga.com<BR><B>Subject:</B> RE: Trusted OpenID
Servers?<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Hey,<BR><BR>This has recently been discussed in "OpenID Trust
Model" have a look through the archives.<BR>In any case, if phpBB wants to have
OpenID support, they could implement a feature which<BR>allows the board admin,
to allow/disallow certain OpenID servers.<BR><BR>Given the spirit of OpenID, I
believe this kind of protection should be handled by the consumer.<BR>Not by a
centralized blacklist, or not by force
anyway.<BR><BR><BR>Timothy.<BR><BR>-----Original Message-----<BR>From:
yadis-bounces@lists.danga.com [<A
href="mailto:yadis-bounces@lists.danga.com">mailto:yadis-bounces@lists.danga.com</A>]
On Behalf Of Vladimir<BR>Sent: zondag 6 augustus 2006 11:51<BR>To:
yadis@lists.danga.com<BR>Subject: Trusted OpenID Servers?<BR><BR>Hello,<BR><BR>I
am new to the OpenID and I like the idea, but my concern is Spam - yet
again.<BR><BR>Basically for me, as a webmaster, users authenticated via OpenID
are same as users authenticated via email. But for phpBB and other forum
solutions, which everyone would love to see, their concern is SPAM as
well.<BR><BR>If I create my own OpenID server, I can flood their phpBB system
with as many domain names (including subdomains I have).<BR><BR>Wouldn't be a
good idea to have central (distributed) blacklist of OpenID servers which are
known for SPAM? This is same approach like with email, which actually never
worked, but helped a little.<BR><BR>I think if OpenID would provide some kind of
SPAM protection (blacklist, email authorization, catcha) then for me as a
webmaster it would be a huge step forward and I would be really motivated to
implement OpenID.<BR><BR>I think as long OpenID will not offer some kind of huge
advantage (besides Single Sign-On) then there will not be too many webmasters
implementing this and most likely Live ID or Google's auth will take
majority.<BR><BR>When I speak with some other programmers, they think about
OpenID as a system for Blogs, they don't think it could go anywhere
further.<BR><BR>I think it's important to make additional steps to bring it to
the next level and offer something, they would love. And the feature could be
Spam protection they can trust.<BR><BR>BTW: We are working on implementing
OpenID on our new website <A
href="http://www.fivestores.com">http://www.fivestores.com</A> where customers
and merchants instead of entering username/password can enter OpenID as well.
But to be fair, I must say, that we will implement Google & Live ID once
available.<BR><BR>Have a good
day,<BR>Vlad<BR><BR><BR><BR></FONT></P></DIV>
</BODY>
</HTML>