That is a big question. Are you developing you own library?
Are you becoming a service provider? OSIS provides a number of protocol type tests for interoperability and security. http://osis.idcommons.net/wiki/Main_Page http://test-id.org The US Government has a published profile for openID. http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf If you are looking for general general information around running an IdP, that depends on a lot of things. The Kantara Identity Assurance framework may provide some insight, but is geared towards commercial IdP rather than Web 2.0. John Bradley On 2010-03-23, at 7:36 AM, Jaideep Khandelwal wrote: > Hello everyone, > > I have few queries that I need to ask , > > What are the security concerns that should be kept in a mind while > developing your own Open ID provider and what are the ways to check all the > security aspects . > Can some one suggest some of the NOT SO FAMOUS Open ID providers but > providing the end users a sense of security. > Some links and resources will be helpful and appreciated > > Thanks > > Regards > Jaideep > _______________________________________________ > security mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-security _______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
