[OSM-dev] OpenID Single sign on
frederik at remote.org
Wed Apr 18 20:29:47 BST 2007
> Another risk of OpenID, or any third party ID
> service, is that it is subject to man in the middle attacks. What if
> the provider is malicious - or is subverted?
On the other hand, we don't really have a lot of secrets worth
protecting. What harm is done if someone uses my OSM id?
In the long run, I am very much in favour of opening up OSM
participation to anonymous users (as Wikipedia is), simply because it
removes an extra barrier to participation.
At the moment, OSM is run mainly by "power mappers" and for them it is
no big deal to get one account, or 10 if required.
But in the long run, I expect that we'll see more and more people who
are just "browsing" our map, and spot a little thing they happen to know
better, and are willing to spend a minute or two (NOT an hour or two) to
fix it - if we want to reap that knowledge, we should not expect them to
The reason why we are currently using accounts is - at least I've read
that somewhere - that we may need to know all changes made by a certain
account in case they are legally compromised and need to be reverted.
However: 1. Wikipedia can do without such measures. 2. I am very tempted
to open a new OSM account every month, just in case. If my account
should get broken into and someone would upload tons of copyrighted
material, OSM according to current wisdom might have to delete all my
contributions - by changing my account regularly, my contributions are
partitioned and negative action would only ever affect one parcel.
I might not accumulate too many mega stars that way but get a little
more privacy thrown in as an extra.
Frederik Ramm ## eMail frederik at remote.org ## N49°00.09' E008°23.33'
More information about the dev