On Mon, Feb 23, 2009 at 11:00:06AM +1100, Ben Finney wrote: > > and a whitelist of identity providers that every DD can easily use > > (like alioth or debian) > > What of those that use an OpenID provider not on the whitelist? (I > imagine some not insignificant number of hackers run their own > personal OpenID server, so an ever-expanding whitelist seems not to > address the issue.) > > What of non-DDs who do not necessarily have an account on any of those > services, but are still valid users for authenticating in the Debtags > system? Fair enough, any OpenID server will probably do, as long as being authenticated doesn't automatically authorize any privileges. If Debian were an OpenID provider, then using the Debian OpenID could automatically give some authorization, like assuming that one is a DD. That could have been handy, but indeed not particularly needed. In fact, since neither Alioth nor Debian currently can act as an OpenID provider, this looks like the only way to go. Ciao, Enrico -- GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enrico@debian.org>
Attachment:
signature.asc
Description: Digital signature