[Sugar-devel] [Server-devel] OpenID Authentication and the Browser

Martin Langhoff martin.langhoff at gmail.com
Fri May 8 03:38:40 EDT 2009


On Fri, May 8, 2009 at 5:48 AM, Benjamin M. Schwartz
<bmschwar at fas.harvard.edu> wrote:
> People interested in $SUBJECT may enjoy
>
> http://almaer.com/blog/who-do-i-trust-with-my-identity-erm-how-about-me-openid-weaves-into-the-browser
>
> I haven't quite figured out what they're doing.

Makes sense -- it is the step that people who actually understand
security (that is _not_ the OpenID designers ;-)  [1] ) all insist
that is required for a secure scheme to work...

IOWs, promising, but I'll wait for it to pass the Ben Laurie sniff test.

cheers,



m
[1] - That's clearly unfair, after all the attention OpenID has
gotten, I'm sure they've learned something about secuity. But surely
they didn't know much when they designed it.
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Sugar-devel mailing list