diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/todo/emailauth.mdwn | 4 | ||||
| -rw-r--r-- | doc/todo/indyauth_support.mdwn | 9 |
2 files changed, 13 insertions, 0 deletions
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index a164b783b..fa1995712 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -99,3 +99,7 @@ adminusers can be converted, perhaps automatically, to use the email addresses on record. Thoughts anyone? --[[Joey]] + +> I had looked at something like this before, through [[todo/indyauth_support]] - which basically turned out to outsource their own auth to http://intridea.github.io/omniauth/ and http://indiewebcamp.com/RelMeAuth... +> +> But it seems to me that your proposal is basic "email opt-in".. the one impact this has on (drupal) sites i know is that spammers use even those forms to send random emails to users. it's weird, but it seems that some bots simply try to shove victim's emails into forms with the spam data as they can and hope for the best... it seems this could be vulnerable as well... - [[anarcat]] diff --git a/doc/todo/indyauth_support.mdwn b/doc/todo/indyauth_support.mdwn index 51389ad50..1dec10335 100644 --- a/doc/todo/indyauth_support.mdwn +++ b/doc/todo/indyauth_support.mdwn @@ -1,3 +1,12 @@ this looks pretty awesome: <https://indieauth.com/> anyone working on a plugin or has ideas on how to implement this? --[[anarcat]] + +> My understanding of indyauth is that the wiki owner would need to pick an +> indyauth provider, which handles the communication with the Big Silos. +> +> I guess the wiki owner could run their own, but they'd be more likely to +> run the one provided by the indyauth people. So, this is effectively +> centralized, although without lock-in. +> +> Also, see related <https://indiecert.net/> --[[Joey]] |