Trusted OpenID Servers?

Recordon, David drecordon at
Sun Aug 6 21:47:24 UTC 2006

I'd also love to see a service pop up that you can query asking if the given IdP is "good".  Obviously the reputation service would have to be able to prove their ranking if people were to rely on it.  This is the sort of thing where I like how OpenID is designed, since multiple services doing the same thing can use the technical framework we're creating to provide valuable services to relying parties, end users, and identity providers.  This creates competition and thus accountability.


From: yadis-bounces at on behalf of Timothy Parez
Sent: Sun 8/6/2006 4:02 AM
To: 'Vladimir'; yadis at
Subject: RE: Trusted OpenID Servers?


This has recently been discussed in "OpenID Trust Model"; have a look through the archives.
In any case, if phpBB wants to have OpenID support, they could implement a feature which
allows the board admin to allow/disallow certain OpenID servers.

Given the spirit of OpenID, I believe this kind of protection should be handled by the consumer.
Not by a centralized blacklist, or not by force anyway.


-----Original Message-----
From: yadis-bounces at [mailto:yadis-bounces at] On Behalf Of Vladimir
Sent: Sunday 6 August 2006 11:51
To: yadis at
Subject: Trusted OpenID Servers?


I am new to OpenID and I like the idea, but my concern is Spam - yet again.

Basically for me, as a webmaster, users authenticated via OpenID are the same as users authenticated via email. But for phpBB and other forum solutions, which everyone would love to see, their concern is SPAM as well.

If I create my own OpenID server, I can flood their phpBB system with as many domain names (including subdomains I have).

Wouldn't it be a good idea to have a central (distributed) blacklist of OpenID servers which are known for SPAM? This is the same approach as with email, which actually never worked, but helped a little.

I think if OpenID would provide some kind of SPAM protection (blacklist, email authorization, captcha) then for me as a webmaster it would be a huge step forward and I would be really motivated to implement OpenID.

I think as long as OpenID will not offer some kind of huge advantage (besides Single Sign-On) then there will not be too many webmasters implementing this and most likely Live ID or Google's auth will take the majority.

When I speak with some other programmers, they think about OpenID as a system for Blogs, they don't think it could go anywhere further.

I think it's important to make additional steps to bring it to the next level and offer something they would love. And the feature could be Spam protection they can trust.

BTW: We are working on implementing OpenID on our new website where customers and merchants instead of entering username/password can enter OpenID as well. But to be fair, I must say, that we will implement Google & Live ID once available.

Have a good day,
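
Added example, not part of the original thread: a sketch of the consumer-side control suggested in the reply above, where the board admin allows or disallows certain OpenID servers. It goes beyond the messages by keying the decision on the server endpoint the consumer found for each identity URL, so many identity subdomains served by one OpenID server are covered by a single entry; the class, function and mode names and all sample hosts are assumptions.

```python
from urllib.parse import urlsplit

class ServerPolicy:
    """Board-admin policy, keyed on the host of the OpenID server endpoint."""
    MODES = ("deny-listed", "allow-listed-only")  # hypothetical mode names

    def __init__(self, mode, hosts):
        if mode not in self.MODES:
            raise ValueError("unknown mode: %r" % (mode,))
        self.mode = mode
        self.hosts = {self._norm(h) for h in hosts}

    @staticmethod
    def _norm(host):
        # Case and a trailing root dot must not defeat the comparison.
        return host.strip().rstrip(".").lower()

    def _listed(self, host):
        # Match the entry itself or a subdomain of it, on a label boundary,
        # so "notspam.example" does not match an entry for "spam.example".
        return any(host == h or host.endswith("." + h) for h in self.hosts)

    def permits(self, server_url):
        try:
            parts = urlsplit(server_url)
            host = parts.hostname
        except ValueError:
            return False  # unparseable URL: fail closed
        if parts.scheme not in ("http", "https") or not host:
            return False
        listed = self._listed(self._norm(host))
        return listed if self.mode == "allow-listed-only" else not listed

def accepted_identities(policy, discovered):
    """discovered: (claimed identity URL, server endpoint found for it) pairs."""
    return [ident for ident, server in discovered if policy.permits(server)]

# Constructed sample: two identity subdomains delegate to the same server.
DISCOVERED = [
    ("http://user1.spam.example/", "https://openid.spam.example/server"),
    ("http://user2.spam.example/", "https://openid.spam.example/server"),
    ("http://alice.example.org/", "https://idp.example.net/server"),
]

if __name__ == "__main__":
    deny = ServerPolicy("deny-listed", ["spam.example"])
    print(accepted_identities(deny, DISCOVERED))
```
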
