[Server-devel] OpenID Authentication and the Browser
Martin Langhoff
martin.langhoff at gmail.com
Fri May 8 03:38:40 EDT 2009
On Fri, May 8, 2009 at 5:48 AM, Benjamin M. Schwartz
<bmschwar at fas.harvard.edu> wrote:
> People interested in $SUBJECT may enjoy
>
> http://almaer.com/blog/who-do-i-trust-with-my-identity-erm-how-about-me-openid-weaves-into-the-browser
>
> I haven't quite figured out what they're doing.
Makes sense -- it is the step that people who actually understand
security (that is _not_ the OpenID designers ;-) [1] ) all insist
that is required for a secure scheme to work...
IOWs, promising, but I'll wait for it to pass the Ben Laurie sniff test.
cheers,
m
[1] - That's clearly unfair, after all the attention OpenID has
gotten, I'm sure they've learned something about secuity. But surely
they didn't know much when they designed it.
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Server-devel
mailing list