Hi. I'm quite new to this whole OpenID thing, though I do find the idea in itself to be wonderful. Since every little blog and photo gallery nowadays seems to require subscriptions, I've more or less given up on the password front...
Anyhow, forgive me if it has been covered before, but, I tried searching the web for three hours and couldn't find an answer, so, I thought I should ask here for a concise explanation.
My first question is regarding the Phishing attacks that are mentioned at Wikipedia [1] - Are they still valid or is it just FUD that has been floating around since an old version of the standard?
And second - While I know Man-In-The-Middle between user and OpenID-provider is quite easy to stave off, what about OpenID-provider and the website I'm trying to log in to? Whenever man-in-the-middle discussion about this appears, it's always in the form of User-to-OpenID-Provider, not the other way around.
If someone could take the time to explain this to me (or point me in the direction of an FAQ), so I could convince my boss to allow OpenID logins, I'd be very grateful. ^^
Oh, and is there some sort of community icon for OpenID I could use, to show that our website does indeed support OpenID?
Regards,
Per Ekström
[1] http://en.wikipedia.org/wiki/OpenID
_______________________________________________
board mailing list
[email protected]
http://openid.net/mailman/listinfo/board
