What measures have you implemented to prevent your own database from being hacked?

None.

OpenID is a technique, not a 3rd-party provider. We do not hold the identity data of everyone using OpenID, indeed we encourage everyone to find someone (else) THEY trust (or to be responsible for their own data, not entrusting it to anyone else). This is not a single, ultra-secure data center such as your company (GlassHouse) might provide; it is a distributed, decentralized assortment of data residing on servers that might or might not be online at any given moment. Generally they are, but given that the structure of OpenID would permit all other users to be unaffected if a single user's dedicated OP went offline, what do you think of taking OPs offline when unneeded, as a defensive measure against hacking?

I did not notice any major banks or government bodies (i.e. my really important data) using OpenID; why is this?

You're living in the wrong country?

It took decades(!) for *seatbelts* to be implemented by a major American automobile manufacturer (Saab), and that technology had already proven its worth among pilots. Once widely available, however, their popularity had attained "critical mass" and mass adoption swiftly followed in the years to come. OpenID has not reached this point in the 2.5 years since being invented, so it's understandable that it hasn't automatically been accepted in such high-level institutions the world over. If you don't want to wait a few more years before using it with your really important data, check with Nat Sakimura about moving to Japan (the top bank of which has already joined the Foundation there).

-Shade resists panic through Tea
_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
