+1 I think hybrid is a nice feature, but not required. I'll be happy to have any form of OpenID working in Roller. If somebody needs hybrid they can do the work to bring it back.
- Dave On Fri, Aug 16, 2013 at 4:38 PM, Glen Mazza <[email protected]> wrote: > Team, as mentioned earlier, I plant to start looking at the OpenID in > Roller again. As you may recall, the Roller config file allows new user > accounts with "no" OpenID, "only" OpenID, or "hybrid" -- either OpenID > and/or password. I'd like to change that "and/or" to just an "or": Right > now, for the new user signup screen under hybrid we allow new accounts to > be created with *both* a username/password and an OpenID to access that > account. > > What I'm proposing, for any new user account under hybrid, that there be > one and only one authentication mechanism (username/password *or* OpenID > *or* whatever else comes up in the future). It's fully the user's choice > (there will be radio buttons to choose the one desired), but he or she can > only choose one. If someone has a theoretical need for both a > username/password *and* OpenID (I don't see why), that person would create > two accounts instead, and just allow the second account admin rights on the > blogs created by the first account. Such a change would keep Roller in > line with StackOverflow, Yahoo! Groups, and Flickr, that, while providing > an OpenID option, still have just one authentication mechanism per account. > > It sounds sweet and helpful to allow multiple ways to log into the same > account, but as you expand the number of authentication options you end up > introducing unnecessary code complexity and potential security holes while > not providing much additional utility to users. WDYT? > > Regards, > Glen >
