[Server-devel] OpenID - status?
Martin Langhoff
martin.langhoff at gmail.com
Tue Jul 10 04:52:51 EDT 2007
Hi devel, hi server-devel,
I am working on Moodle's openID auth plugin. While there is an openID
"plugin" of sorts for v1.6 I've reviewed it and it's less than
stellar, so I'm tackling a new one.
Questions:
- Are we still happy with OpenID -- is Ivan still happy with it? I've
done a bit of review of the protocol itself, and a quick chat with
Mark Piper here in NZ reinforced my concerns - the whole thing has
several weak points, a notable one being its blind trust of DNS. Will
DNS be reasonably stable/trustable in our network env?
- Moodle will initially know how to behave as a client. Do we want it
to be an OpenID server too? I think we do but just to check where the
thinking is at.
cheers,
martin
More information about the Server-devel
mailing list