Comment 23 for bug 1169

Kevin Turner (keturn) wrote : Re: [Bug 1169] on OpenID provider clearinghouses

On Thu, 2007-09-13 at 04:41 +0000, Sami Haahtinen wrote:
> Maybe something like a low security / high security model could be
> established. You can log in to low security mode with your OpenID
> where you are unable to add SSH and PGP keys or modify e-mail
> addresses (possibly not be able to edit user details at all) but you
> would be able to file bugs and otherwise work with Launchpad. For high
> security mode you would still have to log in with a password.

I agree that it's a good idea for the application to treat user details
with special care, especially credentials like e-mail addresses which
can be used to re-claim your account, or public keys which may grant you
access elsewhere. However, if there is a password that I use _only when
adding ssh keys_, which is to say, once a year on average, I am _never_
going to remember it.

I believe this sort of model is what extensions like the OpenID Provider
Authentication Policy Extension[1] are meant to work with, but I'm not
sure if that's quite the right thing to address the concern here. Nor
am I sure if this is the proper forum to debate the merits of various
OpenID extensions.

1: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html