Martin v. Löwis wrote:
Can't you then produce hundreds of IDs, all delegating to the same
identity?
Yes.
But then, users can easily create as many fake accounts as they want to.
This is not something I want to happen (it's still possible to setup
fake accounts, but it should be more difficult for the average script
kiddy).
This doesn't seem to be a problem for all the other sites I use my
openid with. Why not allow users to login with their own openid, but
only allow one account to refer back to the same delegated account?
Michael
If the provider dictates the identity, as you keep insisting, that sentence
makes no sense whatsoever. The value entered as the identifier is the
identifier you should use. Otherwise, what's the point of delegation at all?
It may help users to remember their openid more easily, and always fill
in the same text into the login box.
Regards,
Martin
--
http://www.ironpythoninaction.com/
http://www.voidspace.org.uk/blog
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
