| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47E78762.7020904@xs4all.nl> Date: Mon, 24 Mar 2008 11:50:10 +0100 From: Gorn <gorn@...all.nl> CC: full-disclosure@...ts.grok.org.uk Subject: Re: OpenID. The future of authentication on the web? Petko D. Petkov wrote: > Indeed but this can be a subsystem, a feature of the OpenID provider. > For example, some OpenID providers have the feature to choose > different persons depending on the usage. So it will be easier to > safeguard a persona within one openid provider. So for example, in my > current OpenID setup I have two personas. One for daily use which is > completely useless and one for mission critical stuff. Although the > mission critical persona is not safeguarded :) (lack of > functionalities here) if such a feature is implemented, wouldn't be > that much better? :) > That could be, I was more hinting to the open structure of OpenID. If you don't trust a provider choose another one. Other frameworks for online authentication/autorization don't offer this flexibility, one provider only, like passport. OpenID offers the possibility to offer competing authentication services provided by different providers. So you don't have to put all your eggs in one basket. (it is easter after all) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists