[OSM-talk] Revert requests in general
David Earl
david at frankieandshadow.com
Thu Aug 5 20:35:54 BST 2010
On 05/08/2010 14:44, Tom Hughes wrote:
> If the OpenID provider supplies sufficient data (basically an email
> address and nickname) then they need do little more than click OK to
> accept the details and then accept the terms.
Are you going to take the email address on trust? It is really very easy
to set up an OpenID provider which supplies any old email address on
request. (There are some I think you can trust in principle - we know
for example that Google and Yahoo provide verified email addresses, but
in general I think it needs the round trip with the verification link in
the email to be trustworthy).
Also, are you able to link OpenID logins together and with existing OSM
accounts (i.e. keeping login identity separate from OSM identity and
allowing OSM identities to have multiple ways of logging in)?
David
More information about the talk
mailing list