Trusted OpenID Servers?

Vladimir vlach at
Sun Aug 6 09:50:44 UTC 2006


I am new to the OpenID and I like the idea, but my concern is Spam - yet

Basically for me, as a webmaster, users authenticated via OpenID are same as
users authenticated via email. But for phpBB and other forum solutions,
which everyone would love to see, their concern is SPAM as well.

If I create my own OpenID server, I can flood their phpBB system with as
many domain names (including subdomains I have).

Wouldn't be a good idea to have central (distributed) blacklist of OpenID
servers which are known for SPAM? This is same approach like with email,
which actually never worked, but helped a little.

I think if OpenID would provide some kind of SPAM protection (blacklist,
email authorization, catcha) then for me as a webmaster it would be a huge
step forward and I would be really motivated to implement OpenID.

I think as long OpenID will not offer some kind of huge advantage (besides 
Single Sign-On) then there will not be too many webmasters implementing this 
and most likely Live ID or Google's auth will take majority.

When I speak with some other programmers, they think about OpenID as a 
system for Blogs, they don't think it could go anywhere further.

I think it's important to make additional steps to bring it to the next 
level and offer something, they would love. And the feature could be Spam 
protection they can trust.

BTW: We are working on implementing OpenID on our new website where customers and merchants instead of entering 
username/password can enter OpenID as well. But to be fair, I must say, that 
we will implement Google & Live ID once available.

Have a good day,

More information about the yadis mailing list