Martin v. Löwis wrote:
>> The point of OpenID is not
>> to depend on a centralized service. That is the reason I have my own
>> OpenID provider.
>
> If that's the idea, then I think OpenID is severely flawed.

The point of OpenID is something like this:

* Create an account in your system.
* Link that account to an unforgeable, easy to use, "token".
* Every time somebody can prove "token" ownership, the user is logged in.

The OpenID is the "token". If I link my account to an OpenID and only *I* can prove "ownership" of it when I try to log in, then I can prove my identity to your system.

In this respect you don't need a "well known" OpenID provider. In fact, depending on a "well known" OpenID provider is a risk if: that provider goes down (let's say Gmail last week :-) ), it is hacked, it goes out of business, or the OpenID admins are not to be trusted.

> Your provider will have to compete with the other providers to be
> acceptable for PyPI, according to the criteria posted at
>
> http://pypi.python.org/pypi?:action=openid

Of course you can require whatever you want, but I don't really see the point. I could comply with all the requirements except the first: "must be in wide use, using procedures that the community trusts". If you don't require me to use a Gmail email address, for instance, I don't see why you require that I use a "widely used" OpenID provider. It is the very same thing.

--
Jesus Cea Avion
[email protected] - http://www.jcea.es/
jabber / xmpp:[email protected]
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
