So OpenID is good when security is of little importance? I'm not trying to be a pain, but the classic response to the trust argument is always that OpenID is meant for use cases where security isn't important.
The problem is that to every RP, security IS important. To them. - Brandon On Thu, Dec 10, 2009 at 4:49 PM, Jacob Bellamy <[email protected]> wrote: > > This might be a silly question, but isn't the interactions between banks > and government inherently different from say, a users interaction with > livejournal? In the former case, security takes precedence, and in the > latter usability does. If a bank or government institution is an RP, then > they should have every right to demand you use an OP which they trust- and > if this is the case, then it is just a matter of using whitelists. Users > should be wary regardless of using the same identity which they would use to > log in to social networking sites, in the same manner in which they should > be wary of using the same password for their hotmail and for their bank. > > > > _______________________________________________ > security mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-security > >
_______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
