diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/news/openid.mdwn | 2 | ||||
-rw-r--r-- | doc/news/openid/discussion.mdwn | 7 | ||||
-rw-r--r-- | doc/sandbox/Nur_so..mdwn | 1 |
3 files changed, 9 insertions, 1 deletions
diff --git a/doc/news/openid.mdwn b/doc/news/openid.mdwn index 4f1ee7bf7..c070c1e23 100644 --- a/doc/news/openid.mdwn +++ b/doc/news/openid.mdwn @@ -10,4 +10,4 @@ log back in, try out the OpenID signup process if you don't already have an OpenID, and see how OpenID works for you. And let me know your feelings about making such a switch. --[[Joey]] -[[!poll 64 "Accept only OpenID for logins" 21 "Accept only password logins" 36 "Accept both"]] +[[!poll 65 "Accept only OpenID for logins" 21 "Accept only password logins" 36 "Accept both"]] diff --git a/doc/news/openid/discussion.mdwn b/doc/news/openid/discussion.mdwn index e611fa77b..a79a87989 100644 --- a/doc/news/openid/discussion.mdwn +++ b/doc/news/openid/discussion.mdwn @@ -80,3 +80,10 @@ which fails here? Or is something broken in Ikiwiki's implementation? > [[bugs/OpenID_delegation_fails_on_my_server]] --[[Joey]] Yes. I'd only recently set up my server as a delegate under wordpress, so still thought that perhaps the issue was on my end. But I'd since used my delegate successfully elsewhere, so I filed it as a bug against ikiwiki. + +---- +###Pretty Painless +I just tried logging it with OpenID and it Just Worked. Pretty painless. If you want to turn off password authentication on ikiwiki.info, I say go for it. --[[blipvert]] + +###LiveJournal openid +One caveat to the above is that, of course, OpenID is a distributed trust system which means you do have to think about the trust aspect. A case in point is livejournal.com whose OpenID implementation is badly broken in one important respect: If a LiveJournal user deletes his or her journal, and a different user registers a journal with the same name (this is actually quite a common occurrence on LiveJournal), they in effect inherit the previous journal owner's identity. LiveJournal does not even have a mechanism in place for a remote site even to detect that a journal has changed hands. It is an extremely dodgy situation which they seem to have *no* intention of fixing, and the bottom line is that the "identity" represented by a *username*.livejournal.com token should not be trusted as to its long-term uniqueness. Just FYI. --[[blipvert]] diff --git a/doc/sandbox/Nur_so..mdwn b/doc/sandbox/Nur_so..mdwn new file mode 100644 index 000000000..32c9f2397 --- /dev/null +++ b/doc/sandbox/Nur_so..mdwn @@ -0,0 +1 @@ +Das ist ein Test. |