[OpenID] My 2 Cents to the OpenID foundation
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Apr 8 23:46:14 UTC 2009
>That raises an interesting point for OpenID 2.1, should the OP be
>able to restrict the return_to URI to SSL only, in cases where it
>wants to protect sensitive payload in the response, or is
>separate encryption of the token with an audience restriction
>using an asymmetric proof-key better?
>
>One thing OpenID needs to do is remember its use case.
>
>Is expanding OpenID to cover financial and other high value
>transactions the correct thing to do if it raises overall complexity
>of implementation?
A good point to remember! I think that OpenID should be kept minimal,
with security *options* being added in like a module.
-Shade