[okfn-discuss] CKAN getting spammed again

• Previous message: [okfn-discuss] CKAN getting spammed again
• Next message: [okfn-discuss] CKAN getting spammed again
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Luis Villa wrote:
> I'm sort of surprised that there is no attempt to validate that the
> openid is associated with a human. It seems like that is step 1, and
> certainly part of good openid practice.

Just to be clear the spamming is current from 'non-logged in users' who 
are just recorded as IP addresses and who do not have an Open ID 
account. Currently we allowed editing by such users in the interests of 
a preserving a very low barrier to participation.

That said I would note there is nothing to stop automated creation of 
Open ID accounts -- the Open ID spec is very clear that it is not a 
method for preventing the creation of 'spam' accounts, simply a 'better' 
method of doing the authentication -- i.e. the process of saying "you 
are X" (open id) is completely separate from the process of saying "X is 
a spammer" (identity and attributes are distinct).

~rufus

• Previous message: [okfn-discuss] CKAN getting spammed again
• Next message: [okfn-discuss] CKAN getting spammed again
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]