> The problem here, I think, is that you're expecting more from OpenID > than it really provides. OpenID lets me make an assertion about a URL > (namely, that I "am" that URL)
That's not true. The Attribute Exchange extension, and the Simple Registration extension allow precisely that. See http://openid.net/specs/openid-attribute-exchange-1_0.html http://openid.net/specs/openid-simple-registration-extension-1_0.html > and lets you verify the truth (or > falsity) of that assertion. It doesn't let me make assertions about my > real name, email address or other information, and it doesn't let you > verify the truth (or falsity) of such assertions. The PAPE extension is designed to talk about policies that a provider follows. Of course, the provider may follow additional policies, making one more trustworthy than another. > >> As a relying party, I have to trust the provider. Some providers I >> trust, others I don't (it seems that myOpendID.com is less trustworthy >> than I was originally told, in that respect). > > Somewhat sad to note: I cannot use my OpenID with PyPI. I delegate to > myopenid.com, but my OpenID is and always has been > "http://www.b-list.org/"; Did you try that out? I can't see a reason why you shouldn't be able to use that with PyPI - just follow the myOpenID link on the front page (or, if you have already a PyPI account, login, go to your user information, and *then* follow the myOpenID link). > But unless/until PyPI supports using my actual OpenID, and not just > the transient provider I happen to be delegating to at the moment, the > OpenID features on PyPI are basically useless to me. I fail to see why that is the case. Does it not work, or are you simply refusing to use even though it would work? Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
