OpenID

anand

May 19, 2005, 5:08:07 AM
to nucle...@googlegroups.com

Roel Groeneveld

May 19, 2005, 5:54:18 AM
to nucle...@googlegroups.com
I think it's an interesting idea.

But it really doesn't validate your identity, since anyone can fill
out your blog url when he/she comments somewhere, right?

So how would you use this then?

Roel

On 5/19/05, anand <tamizh...@gmail.com> wrote:
>
> http://www.danga.com/openid/
>
> Any comments ?
>
>


--

[w] http://roelg.nl
[e] roel.gr...@gmail.com
[im] icq: 173708392 / msn: roelgro...@hotmail.com / skype: roelgroeneveld

Jeroen Budts

May 19, 2005, 7:58:38 AM
to nucle...@googlegroups.com
On 5/19/05, Roel Groeneveld <roel.gr...@gmail.com> wrote:

> I think it's an interesting idea.

This is indeed an interesting idea.

> But it really doesn't validate your identity, since anyone can fill
> out your blog url when he/she comments somewhere, right?

I think this is not possible since your blog will check if you are logged in. So when I use your blog URL, your blog will present me a login page (or simply tell OpenID that I'm not authorized).

trex


--
<TeRanEX />
  jbu...@gmail.com - ter...@jabber.org
  http://budts.be/weblog/ - http://budts.be/jeroen/
  Currently testing Google Gmail, 1000MB free webmail storage :-)

Roel Groeneveld

May 19, 2005, 8:10:21 AM
to nucle...@googlegroups.com
> > But it really doesn't validate your identity, since anyone can fill
> > out your blog url when he/she comments somewhere, right?
>
> I think this is not possible since your blog will check if you are
> logged in. So when I use your blog URL, your blog will present me a login
> page (or simply tell OpenID that I'm not authorized)
>

Aha! Must have read it a bit too fast then. ;)

Bert Garcia

May 19, 2005, 10:13:38 AM
to nucle...@googlegroups.com
anand wrote:

> http://www.danga.com/openid/
>
> Any comments ?

That's very similar to what Drupal has in their system. Once you get an
ID at one Drupal site, you can use it at other Drupal sites.

http://drupal.org/node/312

--
bert garcia
__O
_-\<,_
(_)/ (_)
http://hcgtv.com http://nupusi.com

Jeroen Budts

May 19, 2005, 1:46:00 PM
to nucle...@googlegroups.com
On 5/19/05, Bert Garcia <hcgt...@gmail.com> wrote:

> anand wrote:
>
> > http://www.danga.com/openid/
> >
> > Any comments ?
>
> That's very similar to what Drupal has in their system. Once you get an
> ID at one Drupal site, you can use it at other Drupal sites.
>
> http://drupal.org/node/312

With the difference that Drupal automatically creates a new account on
the other site when you log in for the first time. OpenID does not do
this. (At least that's how I understood it.)

Jan Albrecht

May 20, 2005, 1:14:56 AM
to nucle...@googlegroups.com
Jeroen Budts wrote:

> With the difference that Drupal automatically creates a new account on
> the other site when you log in for the first time. OpenID does not do
> this. (At least that's how I understood it.)

If OpenID does not automatically create new accounts in other systems,
it would be (my opinion) a security improvement. Otherwise I think
spammers may be able to use it in their own way?

Normally, if you use one of these systems, you use it for the reason
that you don't have to reauthenticate yourself every time you reenter a
blog/website/system/whatever, don't you? So what if a spammer uses
OpenID? Can he use it to "create" a valid ticket for your system and fill
up your comments?

Jaal

Roel Groeneveld

May 20, 2005, 5:03:19 AM
to nucle...@googlegroups.com
Quoting the page Anand linked to:

"What about trust?

This is not a trust system. Trust requires identity first.

What about spam?

Again, this is not a trust system.

Somebody could run their own identity server that says they're
http://spammer.example.com/000001/ all the way to
http://spammer.example.com/999999/ and that's not a goal of this
system to prevent. It's another layer's job to say the identities with
URL spammer.example.com/* is a spammer, or some ID server is a known
spammer, or some particular identity is a known spammer.

What this does prevent is anybody but that spammer from using that
identity URL. While somebody else could make their ID server say that
they're that http://spammer.example.com/000001/ URL, a) why would
they?, and b) unless they also controlled the host
spammer.example.com, they couldn't change the <link rel=..> tag to
point to their rogue identity server."

So it cannot prevent spamming. But it can guarantee a certain identity.

Roel
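
The check that the quoted passage relies on, as an added example that is not part of the original thread or of OpenID's own code: a consuming site accepts an identity server's assertion only if the page served at the identity URL names that server in its `<link>` tag. The rel value `openid.server` (the one OpenID 1.x uses, elided as `rel=..` in the quote), the function names and the sample page are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rel value used by OpenID 1.x; the quoted text elides it (assumption here).
REL_SERVER = "openid.server"


class _LinkFinder(HTMLParser):
    """Collect href values of <link> tags whose rel includes REL_SERVER."""

    def __init__(self):
        super().__init__()
        self.servers = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k: (v or "") for k, v in attrs}  # parser lowercases names
        if REL_SERVER in a.get("rel", "").lower().split() and a.get("href"):
            self.servers.append(a["href"].strip())


def declared_servers(identity_page_html):
    """Identity servers named by the page fetched from the identity URL."""
    finder = _LinkFinder()
    finder.feed(identity_page_html)
    return finder.servers


def _normalized(url):
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path or "/")


def server_may_assert(identity_page_html, asserting_server):
    """True only if the identity page itself points at asserting_server."""
    want = _normalized(asserting_server)
    return any(_normalized(s) == want
               for s in declared_servers(identity_page_html))


# Constructed sample: the page the identity owner serves at the identity URL.
# The escaped text in the body is not a tag and must not be honoured.
SAMPLE_PAGE = """<html><head><title>blog</title>
<link rel="openid.server" href="http://ID.example.org/server">
</head><body>
<p>&lt;link rel="openid.server" href="http://rogue.example.net/"&gt;</p>
</body></html>"""
```

A server that is not named by the identity page is rejected however it answers, which is why only whoever controls the host serving the page can decide which server speaks for that URL.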