Wouldn't it be possible to use pre-existing email blacklist servers? If a domain has already been identified as giving out many email addresses to spammers, then it's pretty safe to assume that they'd be as equally as shady with their OpenID servers.
<br><br><div><span class="gmail_quote">On 8/6/06, <b class="gmail_sendername">Recordon, David</b> <<a href="mailto:drecordon@verisign.com">drecordon@verisign.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div>
<div dir="ltr">
<div dir="ltr"><font color="#000000" face="Arial" size="2">I'd also love to see a
service pop up that you can query asking if the given IdP is "good".
Obviously the reputation service would have to be able to prove their ranking if
people were to rely on it. This is the sort of thing where I like how
OpenID is designed, since multiple services doing the same thing can use the
technical framework we're creating to provide valuable services to relying
parties, end users, and identity providers. This create competition and
thus accountability.</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">--David</font></div></div>
<div dir="ltr"><br>
<hr>
<font face="Tahoma" size="2"><b>From:</b> <a href="mailto:yadis-bounces@lists.danga.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">yadis-bounces@lists.danga.com</a> on behalf of
Timothy Parez<br><b>Sent:</b> Sun 8/6/2006 4:02 AM<br><b>To:</b> 'Vladimir';
<a href="mailto:yadis@lists.danga.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">yadis@lists.danga.com</a><br><b>Subject:</b> RE: Trusted OpenID
Servers?<br></font><br></div></div><div><span class="e" id="q_10ced513f1726087_1">
<div>
<p><font size="2">Hey,<br><br>This has recently been discussed in "OpenID Trust
Model" have a look through the archives.<br>In any case, if phpBB wants to have
OpenID support, they could implement a feature which<br>allows the board admin,
to allow/disallow certain OpenID servers.<br><br>Given the spirit of OpenID, I
believe this kind of protection should be handled by the consumer.<br>Not by a
centralized blacklist, or not by force
anyway.<br><br><br>Timothy.<br><br></font></p></div></span></div></div></blockquote></div><br>