Ah, OK. Sounds reasonable to me. - Dave
On Sun, Aug 18, 2013 at 12:08 AM, Glen Mazza <[email protected]> wrote: > No, I expect there to still be hybrid (as an admin setting allowing users > a choice), it's just you can't create, for a single new user account, > multiple authentication methods for it; some new users may choose OpenID > and some may choose username/password, but not both. > > Glen > > > On 08/17/2013 10:51 AM, Dave wrote: > >> +1 >> >> I think hybrid is a nice feature, but not required. I'll be happy to have >> any form of OpenID working in Roller. If somebody needs hybrid they can do >> the work to bring it back. >> >> - Dave >> >> >> >> >> On Fri, Aug 16, 2013 at 4:38 PM, Glen Mazza <[email protected]> wrote: >> >> Team, as mentioned earlier, I plant to start looking at the OpenID in >>> Roller again. As you may recall, the Roller config file allows new user >>> accounts with "no" OpenID, "only" OpenID, or "hybrid" -- either OpenID >>> and/or password. I'd like to change that "and/or" to just an "or": >>> Right >>> now, for the new user signup screen under hybrid we allow new accounts to >>> be created with *both* a username/password and an OpenID to access that >>> account. >>> >>> What I'm proposing, for any new user account under hybrid, that there be >>> one and only one authentication mechanism (username/password *or* OpenID >>> *or* whatever else comes up in the future). It's fully the user's choice >>> (there will be radio buttons to choose the one desired), but he or she >>> can >>> only choose one. If someone has a theoretical need for both a >>> username/password *and* OpenID (I don't see why), that person would >>> create >>> two accounts instead, and just allow the second account admin rights on >>> the >>> blogs created by the first account. Such a change would keep Roller in >>> line with StackOverflow, Yahoo! Groups, and Flickr, that, while providing >>> an OpenID option, still have just one authentication mechanism per >>> account. >>> >>> It sounds sweet and helpful to allow multiple ways to log into the same >>> account, but as you expand the number of authentication options you end >>> up >>> introducing unnecessary code complexity and potential security holes >>> while >>> not providing much additional utility to users. WDYT? >>> >>> Regards, >>> Glen >>> >>> >
