LJ munging OpenID comments?
Lukas Leander Rosenstock
webmaster at lukasrosenstock.net
Tue Sep 20 15:56:32 PDT 2005
Doug Bell wrote:
> Developers: As a consumer, could you trust certain providers more than
> other providers? In other words, could you take the last delegate and
> keep a record of whether or not to trust OpenIDs from that delegate?
> Perhaps include a special record for those who seem to manage only
> their own OpenID from their own server ( if ($provider_url =~
> /$openID/) { return lookup_trust("private_id"); } else { return
> lookup_trust($provider_url) } ).
I'm nearly sure this will happen. When OpenID has become more popular
and is therefore also used by spammers some sites might, for example,
trust a *.livejournal.com-user more than a
*.service-i-have-never-heard-of-before.com user. But we have to be
careful to not lock the latter out completely, otherwise OpenIDs from an
unknown server will become practically useless.
However, if an OpenID is a top-level-domain, e.g. myname.com, consumers
can usually trust them because it is not possibly to register a domain
anonymously (as far as I know).
To your other idea, I believe we will see OpenID providers with
interesting concepts some day.
Lukas
More information about the yadis
mailing list