On 05/08/2010 14:44, Tom Hughes wrote:
If the OpenID provider supplies sufficient data (basically an email address and nickname) then they need do little more than click OK to accept the details and then accept the terms.
Are you going to take the email address on trust? It is really very easy to set up an OpenID provider which supplies any old email address on request. (There are some I think you can trust in principle - we know for example that Google and Yahoo provide verified email addresses, but in general I think it needs the round trip with the verification link in the email to be trustworthy).
Also, are you able to link OpenID logins together and with existing OSM accounts (i.e. keeping login identity separate from OSM identity and allowing OSM identities to have multiple ways of logging in)?
David _______________________________________________ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk
