MLUG: Re: [MLUG] OpenID
On Mon, 3 Dec 2007, ryan woodsmall wrote:

OpenID is promising, but there are security issues with their trust model, phishing and man-in-the-middle attacks.

Do you have any good resources? I found this and it makes good sense to me:


http://usablesecurity.com/2007/01/20/phishing-and-openid/


OpenID isn't usable by itself right now; other, more secure SSO solutions are required to front-end it to give you any form of security whatsoever. I've looked at it, but there's no way I'd roll it out in production without some decent security studies.

That's key -- I want studies. I want confidence. These guys are supposed to be pros, but their recommendation was a sort of "trust me on this one." I'm glad I'm skeptical!


Mike
