Martin v. Löwis wrote: >>> Can't you then produce hundreds of IDs, all delegating to the same >>> identity? >>> >> Yes. >> > > But then, users can easily create as many fake accounts as they want to. > This is not something I want to happen (it's still possible to setup > fake accounts, but it should be more difficult for the average script > kiddy). > > This doesn't seem to be a problem for all the other sites I use my openid with. Why not allow users to login with their own openid, but only allow one account to refer back to the same delegated account? Michael >> If the provider dictates the identity, as you keep insisting, that sentence >> makes no sense whatsoever. The value entered as the identifier is the >> identifier you should use. Otherwise, what's the point of delegation at all? >> > > It may help users to remember their openid more easily, and always fill > in the same text into the login box. > > Regards, > Martin > -- http://www.ironpythoninaction.com/ http://www.voidspace.org.uk/blog
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4