Allen Tom wrote: > > For the time being, we prefer to require CKs for client applications > (even if they can't be verified) mostly to make it easy for us to pull > the plug on specific applications if they are discovered to be severely > buggy or dangerous. We'd also like to require pre-registration of CKs so > that we know who to contact about a particular app if we have any questions. >
If I make a dangerous app using the consumer key from a popular application, would you black list that key and inconvenience all of its users? (I doubt it.) _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs