Luis Villa wrote: > I'm sort of surprised that there is no attempt to validate that the > openid is associated with a human. It seems like that is step 1, and > certainly part of good openid practice.
Just to be clear the spamming is current from 'non-logged in users' who are just recorded as IP addresses and who do not have an Open ID account. Currently we allowed editing by such users in the interests of a preserving a very low barrier to participation. That said I would note there is nothing to stop automated creation of Open ID accounts -- the Open ID spec is very clear that it is not a method for preventing the creation of 'spam' accounts, simply a 'better' method of doing the authentication -- i.e. the process of saying "you are X" (open id) is completely separate from the process of saying "X is a spammer" (identity and attributes are distinct). ~rufus _______________________________________________ okfn-discuss mailing list [email protected] http://lists.okfn.org/cgi-bin/mailman/listinfo/okfn-discuss
