The only issue I see is that OpenID doesn't provide "trust". All you know is that "URI-1" is probably "URI-1" again. We do that level of security with SSH (it warns you if the server isn't the same server as it was before) before you pass credentials to establish trust. You don't know if URI-1 is a spammer, so you still want to make them answer a captcha.

Of course OpenID provides a framework in which trust can be provided. We could decide that a provider is good enough not to need a captcha.

Inevitably one of these schemes will succeed, and it looks like OpenID will be that scheme at the moment. But the idea that it is a URL you control is an irrelevant detail; ultimately, if it succeeds, your bank will provide you an OpenID that they guarantee for £${account_balance}.

Presumably people will have several OpenID identities (I expect the spammers already have 10,000s), as you wouldn't want to discover you can't post to "natwestsucks.com" because they just suspended your bank account. Although I may have misunderstood the framework.

So you'll still have multiple accounts, and multiple passwords, just fewer, and you won't send the password to random people.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html