[OSM-dev] OpenID Single sign on

Frederik Ramm frederik at remote.org
Wed Apr 18 20:29:47 BST 2007


> Another risk of OpenID, or any third party ID
> service, is that it is subject to man in the middle attacks.  What if
> the provider is malicious - or is subverted?

On the other hand, we don't really have a lot of secrets worth 
protecting. What harm is done if someone uses my OSM id?

In the long run, I am very much in favour of opening up OSM 
participation to anonymous users (as Wikipedia is), simply because it 
removes an extra barrier to participation.

At the moment, OSM is run mainly by "power mappers" and for them it is 
no big deal to get one account, or 10 if required.

But in the long run, I expect that we'll see more and more people who 
are just "browsing" our map, and spot a little thing they happen to know 
better, and are willing to spend a minute or two (NOT an hour or two) to 
fix it - if we want to reap that knowledge, we should not expect them to 
register first.

The reason why we are currently using accounts is - at least I've read 
that somewhere - that we may need to know all changes made by a certain 
account in case they are legally compromised and need to be reverted.

However: 1. Wikipedia can do without such measures. 2. I am very tempted 
to open a new OSM account every month, just in case. If my account 
should get broken into and someone would upload tons of copyrighted 
material, OSM according to current wisdom might have to delete all my 
contributions - by changing my account regularly, my contributions are 
partitioned and negative action would only ever affect one parcel.

I might not accumulate too many mega stars that way but get a little 
more privacy thrown in as an extra.


