[OpenID] OpenID and phishing (was AnnouncingOpenIDAuthentication 2.0 - Implementor's Draft 11)
Scott Kveton
scott at janrain.com
Mon Jan 22 23:40:06 UTC 2007
>> Let's all not forget that the best part about OpenID 2.0 is that there will
>> be an OpenID 2.1, 3.0 ... Maybe even XP, Vista or 2008 (I kid). Putting a
>> requirement like the above on OpenID 2.0 will halt adoption ... We can't
>> demand that browsers and other user agents change before we move forward
>> IMHO.
>
> Open ID cannot mandate phishing protection, since that requires UA
> upgrades. It can *enable* phishing protection for suitable UAs, and
> also provide best practice sample code for OPs
Absolutely ... And I've always said this is a great option for users ... My
point is that _mandating_ or _requiring_ some client code in the near term
is unacceptable for the majority of use cases today. If support exists on
the UA, great. We'll be sure to point our users at something like that when
it becomes available.
- Scott
More information about the general
mailing list