[OpenID] How to prove identity without leaving RP?
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Apr 9 20:47:21 UTC 2008
>in this scenario, user first visits the OP; what I had in mind is
>more: is it possible for a user to submit his credentials directly
>on the RP page (even if the login form is an iframe to the OP or any
>other 'clever' mechanism)
Maybe a pop-up window? But that doesn't neatly fit the "never leaving
that page" idea. I'd consider it safe if you were using a password
that only applied to THAT site (so a malicious site couldn't use the
credentials even if it stole them), but that sort of destroys the
whole single-sign-on idea :)
-Shade
More information about the general
mailing list