---- Original Message ----- > From: "Marc A. Pelletier" <m...@uberbox.org>
> On 02/22/2013 10:43 PM, Jay Ashworth wrote: > > So, then, all OpenID guarantees is "this provider says it's the same > > person it was last time"? > > The exact semantics is, IIRC, "that person has presented credential to > us we accept as identifying them as our user $IDENTIFIER". Whether the > client trusts that $IDENTIFIER is reasonably stable for their > purposes, or that they trust our word, is their call. I'm translating that as "yes". :-) I've always looked with rather a jaundiced eye at OpenID, as it was sold as "you can run your own authenticator service", and that always struck me as "I am who I say I am", which is, obviously, pretty useless, in the general case. (Early examples showed login boxes where you *provided the URL of a random OID provider*; clearly, if the site doesn't trust said provider, the transaction is useless.) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274 _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l