link to indieauth and mention existing problems with this approach

author https://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web>

Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)

committer admin <admin@branchable.com>

Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)
author https://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web>
Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)
committer admin <admin@branchable.com>
Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn

index a164b783b0b995d602db317f66e4f12061402a47..fa1995712b3f2896f1fb62e7533ccb25782813e8 100644 (file)
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -99,3 +99,7 @@ adminusers can be converted, perhaps automatically, to use the email
  addresses on record.
  
  Thoughts anyone? --[[Joey]]
+
+> I had looked at something like this before, through [[todo/indyauth_support]] - which basically turned out to outsource their own auth to http://intridea.github.io/omniauth/ and http://indiewebcamp.com/RelMeAuth...
+> 
+> But it seems to me that your proposal is basic "email opt-in".. the one impact this has on (drupal) sites i know is that spammers use even those forms to send random emails to users. it's weird, but it seems that some bots simply try to shove victim's emails into forms with the spam data as they can and hope for the best... it seems this could be vulnerable as well... - [[anarcat]]
author	https://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web>
	Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)
committer	admin <admin@branchable.com>
	Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)