On Jul 10, 2007, at 9:37 AM, C. Scott Ananian wrote:
> As I understand the BitFrost specification, OpenID is only used to
> extend the local authentication mechanisms (XO-to-school server) to
> the outside world (Google backups, etc).
> The actual authentication of XOs and users is done by us outside
> OpenID. So the DNS weakness and MiM attacks are only valid outside
> our scope.

That's correct. OpenID, in a vacuum, is a fine mechanism. It's the way people are doing authentication to their OpenID IDPs on the wider Internet that's problematic and dangerous; we can generally avoid the issues entirely by authenticating transparently to the school server in the background.

--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel