[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)
Mike Beltzner
beltzner at mozilla.com
Fri Jan 19 22:55:48 UTC 2007
On 19-Jan-07, at 1:52 PM, Scott Kveton wrote:
>> Regarding anti-phishing & IE - isn't that one of the main design
>> goals of
>> Cardspace?
>>
>> Scenario: Login to your OP with Cardspace and not worry about
>> phishing?
>>
>> My only point here is that I think the IE people probably think
>> they *have*
>> a solution, which may or may not be appealing to people here.
>
> I'd hate to assume something like that without asking. I would
> think as a
> browser vendor you'd want to support multiple "standards" ... The
> browser is
> a platform, not a channel to your specific technology. My point is,
> shouldn't we at least ask? Which leads me back to, does anybody
> know anyone
> on the IE development team?
I have some contacts with folks like Rob Franco and Kelvin Yiu.
They're pretty approachable.
> It should be noted that in addition to the Firefox 3.0 requirements
> including OpenID, they also listed CardSpace. The two aren't mutually
> exclusive IMHO.
Obviously, I agree. :)
It would actually be useful to categorize the user problems and
security risks/problems, and draw up a chart illustrating how the
various specifications out there are trying to address those
problems. I keep feeling like OpenID and Cardspace are tackling
slightly different problems - at the risk of horrendously offending
people on this list (which isn't my intent, so please read what I'm
about to write with an open mind and heart!) ..:
* OpenID seems to be more focused on SSO, though the extensions
allow for more
* CardSpace seems to be about simplifying and securing the
transmission of personal information
cheers,
mike
More information about the general
mailing list