[Server-devel] OpenID - status?
Ben Laurie
benl at google.com
Tue Jul 10 06:05:32 EDT 2007
On 7/10/07, Martin Langhoff <martin.langhoff at gmail.com> wrote:
> Hi devel, hi server-devel,
>
> I am working on Moodle's openID auth plugin. While there is an openID
> "plugin" of sorts for v1.6 I've reviewed it and it's less than
> stellar, so I'm tackling a new one.
>
> Questions:
>
> - Are we still happy with OpenID -- is Ivan still happy with it? I've
> done a bit of review of the protocol itself, and a quick chat with
> Mark Piper here in NZ reinforced my concerns - the whole thing has
> several weak points, a notable one being its blind trust of DNS. Will
> DNS be reasonably stable/trustable in our network env?
The blind trust in the relying party is more of a concern to me:
http://www.links.org/?p=187.
> - Moodle will initially know how to behave as a client. Do we want it
> to be an OpenID server too? I think we do but just to check where the
> thinking is at.
>
> cheers,
>
>
> martin
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>
More information about the Server-devel
mailing list