diff options
Diffstat (limited to 'doc/news')
| -rw-r--r-- | doc/news/openid.mdwn | 2 | ||||
| -rw-r--r-- | doc/news/openid/discussion.mdwn | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/news/openid.mdwn b/doc/news/openid.mdwn index 67bf10cb6..32325559e 100644 --- a/doc/news/openid.mdwn +++ b/doc/news/openid.mdwn @@ -10,4 +10,4 @@ log back in, try out the OpenID signup process if you don't already have an OpenID, and see how OpenID works for you. And let me know your feelings about making such a switch. --[[Joey]] -[[!poll 66 "Accept only OpenID for logins" 21 "Accept only password logins" 36 "Accept both"]] +[[!poll 66 "Accept only OpenID for logins" 21 "Accept only password logins" 37 "Accept both"]] diff --git a/doc/news/openid/discussion.mdwn b/doc/news/openid/discussion.mdwn index c0447a13f..bc9856ad9 100644 --- a/doc/news/openid/discussion.mdwn +++ b/doc/news/openid/discussion.mdwn @@ -90,3 +90,7 @@ I just tried logging it with OpenID and it Just Worked. Pretty painless. If yo ###LiveJournal openid One caveat to the above is that, of course, OpenID is a distributed trust system which means you do have to think about the trust aspect. A case in point is livejournal.com whose OpenID implementation is badly broken in one important respect: If a LiveJournal user deletes his or her journal, and a different user registers a journal with the same name (this is actually quite a common occurrence on LiveJournal), they in effect inherit the previous journal owner's identity. LiveJournal does not even have a mechanism in place for a remote site even to detect that a journal has changed hands. It is an extremely dodgy situation which they seem to have *no* intention of fixing, and the bottom line is that the "identity" represented by a *username*.livejournal.com token should not be trusted as to its long-term uniqueness. Just FYI. --[[blipvert]] + +---- + +Submitting bugs in the OpenID components will be difficult if OpenID must be working first... |