LJ munging OpenID comments?

Lukas Leander Rosenstock webmaster at lukasrosenstock.net
Tue Sep 20 15:56:32 PDT 2005

Doug Bell wrote:

> Developers: As a consumer, could you trust certain providers more than 
> other providers? In other words, could you take the last delegate and 
> keep a record of whether or not to trust OpenIDs from that delegate? 
> Perhaps include a special record for those who seem to manage only 
> their own OpenID from their own server ( if ($provider_url =~ 
> /$openID/) { return lookup_trust("private_id"); } else { return 
> lookup_trust($provider_url) } ).

I'm nearly sure this will happen. When OpenID has become more popular 
and is therefore also used by spammers some sites might, for example, 
trust a *.livejournal.com-user more than a 
*.service-i-have-never-heard-of-before.com user. But we have to be 
careful to not lock the latter out completely, otherwise OpenIDs from an 
unknown server will become practically useless.
However, if an OpenID is a top-level-domain, e.g. myname.com, consumers 
can usually trust them because it is not possibly to register a domain 
anonymously (as far as I know).

To your other idea, I believe we will see OpenID providers with 
interesting concepts some day.


More information about the yadis mailing list