> Martin van Löwis writes: >> But then, users can easily create as many fake accounts as they want >> to. > > What is a “fake account”?
It's one setup with malicious intent, such as spamming. > I have three OpenIDs that I use for different > purposes. On some sites, I will associate them together; on others, I > only use one. Are any of those “fake accounts”? No - since you don't have any malicious intent (I presume). > If on the other hand you mean “fake PyPI account”, there's nothing about > OpenID that circumvents a proper registration process. Well, from my view (as a relying party), THAT'S THE WHOLE POINT OF OPENID (sorry for shouting). I don't understand what's so difficult about that. Sure, it is convenient to the user to not need to remember their passwords and account names in these various sites - but OpenID also can (if done properly) simplify the life for the service operator. > An OpenID provider can provide data on the user's behalf during the PyPI > account registration process (using “Simple Registration extension”), > but there's nothing requiring you to treat that data any differently > from whatever else the user might put into a form. > > Does that address the “fake account” concern, or have I misunderstood? No. It fails to address the opportunity for a simplified registration process. Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
