[OpenID] Fwd: OpenID Spoofing

Scott Kveton scott at janrain.com
Fri Jan 12 18:29:27 UTC 2007


>> http://radar.oreilly.com/archives/2007/01/firefox_30_requ.html
> 
> I really hate to say it in this forum, but we (myself included) often forget
> that the world isn't spinning around OpenID.

I'm not sure you read that article.  To quote the O'Reilly article (which
quotes the Mozilla wiki on Firefox 3.0 features):

"In the security front: support for Microsoft CardSpace and OpenID (check
tomorrow¹s article for more coverage on this). Smarter credentials
handling."

I would think "security front" means helping secure credentials such as
those provided by an OpenID identity provider or a users Card in the
CardSpace model.
 
> Why should an OpenID provider be a special case? Just assign it a petname,
> and you're done. I'm not sure whether Petnames are expected to be part of FF
> 3.0, but they certainly seem to do the trick.

I wouldn't call an OpenID provider a special case.  I'm willing to bet Six
Apart, Technorati, Sxip, Verisign, videntity and claimID would all agree
with me on this (note: all of these folks are OpenID providers).

- Scott




More information about the general mailing list