security
Dick Hardt
dick at sxip.com
Mon Oct 23 03:20:22 UTC 2006
On 22-Oct-06, at 7:25 PM, Eddy Nigg (StartCom Ltd.) wrote:
>> Please have patience. We are all wanting the same thing. It is
>> important to deal with the reality of who will deploy solutions
>> like this today and get OpenID 2.0 out the door.
> No problem. However the required changes actually would be minimal
> to the specs and requiring SSL would be a good start...This would
> others allow to join really. Why not deal with some of the weak
> designs now? Personally I would be much in favor for
> this...obviously...
>> It would be great for you guys to help design extensions that are
>> more secure for the future.
> Absolutely! We got involved, because we want to be a help, not to
> be a pain in the a**. I think, we could start with part of it now
> (SSL perhaps) and continue with other security design features
> later. I would have here a few ideas for that, which would be
> protocol/flow specific...
Great, the right list for those discussions is over on
specs at openid.net ... see you there!
-- Dick
More information about the general
mailing list