[OpenID] Fwd: OpenID Spoofing
Dick Hardt
dick at sxip.com
Thu Jan 11 22:38:02 UTC 2007
For those of you not following the ID Gang mailing list ...
Begin forwarded message:
> From: "Bob Wyman" <bob at wyman.us>
> Date: January 11, 2007 2:31:52 PM PST (CA)
> To: idworkshop at googlegroups.com
> Subject: Re: OpenID Spoofing
> Reply-To: idworkshop at googlegroups.com
>
> On 1/11/07, Dick Hardt <dick at sxip.com> wrote:
> > A couple of examples of server-side-only solutions:
> > Yahoo's cookie and picture technique is an example.
> > One of my banks makes me install a client side cert to login.
> It seems to me that some sort of a "cookbook" providing easy to
> understand documentation of these and other methods would go a long
> way to increasing the likelihood that these methods would be
> implemented. Given that this spoofing issue is probably going to
> end up being a significant barrier to wide adoption of OpenID
> (Cameron from Microsoft is already using it against OpenID), it
> would be in the interests of the everyone to ensure that these
> techniques are well known and widely deployed.
>
> bob wyman
>
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google
> Groups "Identity Gang" group.
> To post to this group, send email to idworkshop at googlegroups.com
> To unsubscribe from this group, send email to idworkshop-
> unsubscribe at googlegroups.com
> For more options, visit this group at http://groups-beta.google.com/
> group/idworkshop?hl=en
> -~----------~----~----~----~------~----~------~--~---
>
More information about the general
mailing list