[OpenID] My 2 Cents to the OpenID foundation

SitG Admin sysadmin at shadowsinthegarden.com
Wed Apr 8 23:46:14 UTC 2009

>That raises an interesting point for openID 2.1,  should the OP be 
>able to restrict the return_to URI to SSL only, in cases where it 
>wants to protect sensitive payload in the response,  or is 
>separate encryption of the token with an audience restriction better 
>using an asymmetric proof-key better?
>One thing openID needs to do is remember its use case.
>Is expanding openID to cover financial and other high value 
>transactions the correct thing to do if it raises overall complexity 
>of implementation.

A good point to remember! I think that OpenID should be kept minimal, 
with security *options* being added in like a module.


More information about the general mailing list