=rabbit

My feedback

  1. 199 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    117 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    =rabbit commented  · 

    It's a demo OpenID. You could easily deny access to other websites. The user could be instructed that the OpenID is for demo purposes only and can only work at demo1.com, demo2.com, etc. You also wouldn't have to delete the account. If the user tries to login to another site, the user would be halted with a "Hey! This is only a demo but you're getting the idea!" sort of message.

    =rabbit supported this idea  · 
  2. 310 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    115 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →

    That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.

    There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.

    =rabbit supported this idea  · 

Feedback and Knowledge Base